3b06df503876be6ce7b870dec2b63a6d69571846689ef8fabf58899e5dd0355b

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 16:22

Target

16ad3f9bf5e93dd8fa26dc6747c87167_JaffaCakes118.dll
Size

346KB
MD5

16ad3f9bf5e93dd8fa26dc6747c87167
SHA1

bfc8cac3cc8735288be04b3f39a1455aaf2ed1a6
SHA256

3b06df503876be6ce7b870dec2b63a6d69571846689ef8fabf58899e5dd0355b
SHA512

bd9d366d5fdf3eed2eac5e161789872f3170e0fdded45e6988696daca6ec2824b60a602b62e2a4bf43e75692299172a349b0890cbdc00ca7a89b97985cd44d5d
SSDEEP

3072:582jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:a2L7HN7Kl/jLA90QECrYRpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5068 wrote to memory of 4640	5068	rundll32.exe	rundll32.exe
PID 5068 wrote to memory of 4640	5068	rundll32.exe	rundll32.exe
PID 5068 wrote to memory of 4640	5068	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ad3f9bf5e93dd8fa26dc6747c87167_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ad3f9bf5e93dd8fa26dc6747c87167_JaffaCakes118.dll,#1
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4416,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=1032 /prefetch:8
1⤵
PID:2576