454257cd4beea25ee394c7446b40384b716b27510fb297a26301d32dcafa97be

Analysis

max time kernel
126s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 07:49

Target

1957bbf355e859fa325604c9cc84c850_JaffaCakes118.dll
Size

48KB
MD5

1957bbf355e859fa325604c9cc84c850
SHA1

484888bae2a559469debcd24a6adf011a1b0fa0f
SHA256

454257cd4beea25ee394c7446b40384b716b27510fb297a26301d32dcafa97be
SHA512

d301bb2312551cb9a8c523cdb34cf5725de5e6d1eeefc91056907b1ea4ca91b7dcf1ec932d4f185b771b74269b6ce7c9e23935d6e62107975ba00409584aec6e
SSDEEP

768:hNkThTL8UkbkXwcpjriaWl2Pd/8oqmuwBFeaQa2q1:bkThT2VQjridCGoyk92q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4892 wrote to memory of 2560	4892	rundll32.exe	rundll32.exe
PID 4892 wrote to memory of 2560	4892	rundll32.exe	rundll32.exe
PID 4892 wrote to memory of 2560	4892	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1957bbf355e859fa325604c9cc84c850_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1957bbf355e859fa325604c9cc84c850_JaffaCakes118.dll,#1
2⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4068,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
1⤵
PID:2124