c9df61ec1a4a740845982a8562cf109d8c5666271551e9fb9e9c365d2870e03b

Analysis

max time kernel
137s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 20:23

Target

1c608478446ed6cff588d710cbc28f94_JaffaCakes118.dll
Size

346KB
MD5

1c608478446ed6cff588d710cbc28f94
SHA1

34df1e83eb0a3a5e103f78ff3aa1eb65ff29ff45
SHA256

c9df61ec1a4a740845982a8562cf109d8c5666271551e9fb9e9c365d2870e03b
SHA512

cfd6331186da964c61f74ff16e3942d600a885fb59985137a4e4389a90bef2d224950e77594751c98f7ffaca4b955f9542dc4e989a94ffe05bb3d32b37441a99
SSDEEP

3072:T82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYR8r3:w2L7HN7Kl/jLA90QECrYR63

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4076 wrote to memory of 4740	4076	rundll32.exe	rundll32.exe
PID 4076 wrote to memory of 4740	4076	rundll32.exe	rundll32.exe
PID 4076 wrote to memory of 4740	4076	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c608478446ed6cff588d710cbc28f94_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4076

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c608478446ed6cff588d710cbc28f94_JaffaCakes118.dll,#1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3948 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:4496