fdaeade3c86dfed64ad28a65a139f4fa514d39a550774fddaf3d9eb28c604d3a

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 23:48

Target

0ffa3a191315a9c835030b8ecdc7c210_JaffaCakes118.dll
Size

346KB
MD5

0ffa3a191315a9c835030b8ecdc7c210
SHA1

ee7e22eb7b5645a26bf4286dcb48a7c25edec5c9
SHA256

fdaeade3c86dfed64ad28a65a139f4fa514d39a550774fddaf3d9eb28c604d3a
SHA512

f6672864954c13eb331176002d004dc11a15f4c16def1bd8e4ef90856b39ff06bda6ea5fd3773f475c27e6a9229fa8c58b559cc03a9aed6818f9664883b24ae0
SSDEEP

3072:D82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:g2L7HN7Kl/jLA90QECrYRpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4552 wrote to memory of 1600	4552	rundll32.exe	rundll32.exe
PID 4552 wrote to memory of 1600	4552	rundll32.exe	rundll32.exe
PID 4552 wrote to memory of 1600	4552	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ffa3a191315a9c835030b8ecdc7c210_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ffa3a191315a9c835030b8ecdc7c210_JaffaCakes118.dll,#1
2⤵
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:1232