6169a7e8d4d632dfc89edad79217510f2a00a0fa8a40dbe2cdf62794df9ba945

Analysis

max time kernel
129s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 11:49

Target

1b2ea1d7381bd93b51506249712a3de9_JaffaCakes118.dll
Size

340KB
MD5

1b2ea1d7381bd93b51506249712a3de9
SHA1

c15f08aa9ada624067edafd800a4d48c3a55c89c
SHA256

6169a7e8d4d632dfc89edad79217510f2a00a0fa8a40dbe2cdf62794df9ba945
SHA512

4f26be504e004c79a26e2cf5b0908d297cbce840b56ae2dbd85134c8bd5925f0bc75523d2df404ad1106198b8db8c10a0c1b2a6fa44adf38107abd835294a2ab
SSDEEP

3072:SvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:S206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2980 wrote to memory of 1848	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 1848	2980	rundll32.exe	rundll32.exe
PID 2980 wrote to memory of 1848	2980	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b2ea1d7381bd93b51506249712a3de9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b2ea1d7381bd93b51506249712a3de9_JaffaCakes118.dll,#1
2⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1032,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
1⤵
PID:4360