e72095f884ac469dbba5d8630953ae3eb0b632f2b831621355d30fbc809adffb

Analysis

max time kernel
141s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 22:16

Target

0fb9bb8fa7b59fdbe913cb4c4c5c98b9_JaffaCakes118.dll
Size

330KB
MD5

0fb9bb8fa7b59fdbe913cb4c4c5c98b9
SHA1

238e235bde8c4137d262c146abf13adc4cd17c69
SHA256

e72095f884ac469dbba5d8630953ae3eb0b632f2b831621355d30fbc809adffb
SHA512

31d32ac4b9c658bacebee4e85d7543fa7daeb78cc2e3b45ce6e767fca8103b47e54b176eff068728e95e9ddad63d3a52dcde8d727c30d3741968a060f01acfa6
SSDEEP

3072:jRq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j8eFu:Fq1sFAwgwmBv3wnIgG4oAYxvU54eu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3808 wrote to memory of 2016	3808	rundll32.exe	rundll32.exe
PID 3808 wrote to memory of 2016	3808	rundll32.exe	rundll32.exe
PID 3808 wrote to memory of 2016	3808	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fb9bb8fa7b59fdbe913cb4c4c5c98b9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3808

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fb9bb8fa7b59fdbe913cb4c4c5c98b9_JaffaCakes118.dll,#1
2⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3924,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=4084 /prefetch:8
1⤵
PID:4368