b1c1d0396400925a53d5cee68f07795d19155b4d9d1e61454f34bff9f4f51b50

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 06:13

Target

10fe8afb7e65b738c73ed5569e26b231_JaffaCakes118.dll
Size

346KB
MD5

10fe8afb7e65b738c73ed5569e26b231
SHA1

4b236eaa0fea88fc07429dd4747c9984dd3a12cc
SHA256

b1c1d0396400925a53d5cee68f07795d19155b4d9d1e61454f34bff9f4f51b50
SHA512

563f19d1bccee7630cb7aaeb5a6a7e299568a9b2ee6f942098df69825b05502003a880ad6fc24845158bac03a4445d8b704967037bdf9b47be5b9f51b14ae0a2
SSDEEP

3072:T82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:w2L7HN7Kl/jLA90QECrYRpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3708 wrote to memory of 1340	3708	rundll32.exe	rundll32.exe
PID 3708 wrote to memory of 1340	3708	rundll32.exe	rundll32.exe
PID 3708 wrote to memory of 1340	3708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10fe8afb7e65b738c73ed5569e26b231_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10fe8afb7e65b738c73ed5569e26b231_JaffaCakes118.dll,#1
2⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4272 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:1624