64c60e4f5b6d027497630bab4d5d17b7a33cceb956f3cef1f85c267a775719fd

Analysis

max time kernel
135s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 14:01

Target

123bf6369f51a4d4688f9dacbeb1dbce_JaffaCakes118.dll
Size

340KB
MD5

123bf6369f51a4d4688f9dacbeb1dbce
SHA1

47dde1dc255050e53b72c48e9cd5ff297882db30
SHA256

64c60e4f5b6d027497630bab4d5d17b7a33cceb956f3cef1f85c267a775719fd
SHA512

5fa7565cddf0ba5d7f4af666cb9ccde42e09c9980052725c312526f5145b6b59c6f0835bcca654eba175f2c9605fc114bf83e92552918f1d6dbef25e4a5a76bb
SSDEEP

3072:qvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:q206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1684 wrote to memory of 4044	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 4044	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 4044	1684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\123bf6369f51a4d4688f9dacbeb1dbce_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\123bf6369f51a4d4688f9dacbeb1dbce_JaffaCakes118.dll,#1
2⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4380,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:8
1⤵
PID:4180