f1b47e987af0c2c56f3d4583c85a99829af3ca105fee76e44226dcba57024fda

Analysis

max time kernel
135s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 23:46

Target

17feb64f8802e8f3b0c35658ba35472d_JaffaCakes118.dll
Size

346KB
MD5

17feb64f8802e8f3b0c35658ba35472d
SHA1

4d170cae7dd6dfd5cfa001220816c9a08d89178a
SHA256

f1b47e987af0c2c56f3d4583c85a99829af3ca105fee76e44226dcba57024fda
SHA512

b85c23d095af68408996775aec335cb97cb86e7f0b8c3a1908f37c1c4efa0a9d67bdb1674d4a79a5d61b068801bb793c328add989df1c3cf77197a3320265a45
SSDEEP

3072:382jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYR8r3:M2L7HN7Kl/jLA90QECrYR63

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2256 wrote to memory of 384	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 384	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 384	2256	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17feb64f8802e8f3b0c35658ba35472d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17feb64f8802e8f3b0c35658ba35472d_JaffaCakes118.dll,#1
2⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4296,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=3064 /prefetch:8
1⤵
PID:4428