fe4184a9f7374611c68b9dc302d093ab69cc3d836c1612800d6aa45ce6f3043d

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 04:15

Target

18bdc1196d7b824b7638776728ac8bb2_JaffaCakes118.dll
Size

330KB
MD5

18bdc1196d7b824b7638776728ac8bb2
SHA1

4438fe8ce02db652e22e4e733f72aa03eb4be329
SHA256

fe4184a9f7374611c68b9dc302d093ab69cc3d836c1612800d6aa45ce6f3043d
SHA512

63ec96ed93d60f814aa7927ea635ad5f07f46c665a721b6ddf1ece3d0d6e347e48765fe8b9a59fdb1364cecb9eb5e2b0e350ecf340b2bbc1797463dd592f242f
SSDEEP

3072:MRq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j8eFu:eq1sFAwgwmBv3wnIgG4oAYxvU54eu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2132 wrote to memory of 3456	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 3456	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 3456	2132	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18bdc1196d7b824b7638776728ac8bb2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18bdc1196d7b824b7638776728ac8bb2_JaffaCakes118.dll,#1
2⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=764 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:4736