8c1a92092ed789f8150adfb6ff1158f493130ecf14ce295ca5fd11b8c7b9b6c5

Analysis

max time kernel
128s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 21:07

Target

0f87c3ecf6735ad530f7191523b90c9a_JaffaCakes118.dll
Size

346KB
MD5

0f87c3ecf6735ad530f7191523b90c9a
SHA1

a7bdbb5c6a85626f8cefe898602a65ea91f50195
SHA256

8c1a92092ed789f8150adfb6ff1158f493130ecf14ce295ca5fd11b8c7b9b6c5
SHA512

518b1199b2b23be7d22ef0cd3d640e47702ee8ab70d081a41739ef68e438c0c8186f669b927c628994f9258d2547373af80825c3774beb3df28fde9c45f7364b
SSDEEP

3072:K82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:R2L7HN7Kl/jLA90QECrYRpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 860 wrote to memory of 4736	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 4736	860	rundll32.exe	rundll32.exe
PID 860 wrote to memory of 4736	860	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f87c3ecf6735ad530f7191523b90c9a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f87c3ecf6735ad530f7191523b90c9a_JaffaCakes118.dll,#1
2⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4280,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:8
1⤵
PID:1464