c9cfa9a47deb57fe47a01405a46c062d5bd296e898e82931bee50b860d1dacb0

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 15:54

Target

0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll
Size

340KB
MD5

0ea843373e0ce72fe2195325e4dcb335
SHA1

5f64527a62d6aed596994508b3b680c5235dff31
SHA256

c9cfa9a47deb57fe47a01405a46c062d5bd296e898e82931bee50b860d1dacb0
SHA512

f46a52ba4ee9792a5b981700f19582c0fee02780fb03cf5d4d577e412f9e91fa010c4dff3e79cfd853a667070c977fb99cbcd9aa23fcc58e0891cfbb3bc0093a
SSDEEP

3072:9vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:9206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5112 wrote to memory of 1876	5112	rundll32.exe	rundll32.exe
PID 5112 wrote to memory of 1876	5112	rundll32.exe	rundll32.exe
PID 5112 wrote to memory of 1876	5112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll,#1
2⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3924 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3104