26b9bb3402c1e472a9a09009c4345844b0f1307296f2fc0e1330fd112380aa14

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 19:45

Target

174ba7dc50d1e8ae3bec341ccdfe4d37_JaffaCakes118.dll
Size

330KB
MD5

174ba7dc50d1e8ae3bec341ccdfe4d37
SHA1

54cae33ea65cde7c4e2057cbe2d4b619e5addf59
SHA256

26b9bb3402c1e472a9a09009c4345844b0f1307296f2fc0e1330fd112380aa14
SHA512

5cd27dfddac4ed10acde8f05f636a08978996e22051bae032c98b18c195a6806b88e445a99d35c57b8ac676f1c3d56b7b5ab0f49bda261657b31348491d2e86d
SSDEEP

3072:dRq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j81qc:Xq1sFAwgwmBv3wnIgG4oAYxvU54gc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5112 wrote to memory of 2696	5112	rundll32.exe	rundll32.exe
PID 5112 wrote to memory of 2696	5112	rundll32.exe	rundll32.exe
PID 5112 wrote to memory of 2696	5112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\174ba7dc50d1e8ae3bec341ccdfe4d37_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\174ba7dc50d1e8ae3bec341ccdfe4d37_JaffaCakes118.dll,#1
2⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3760 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:3260