1838a0183e980436c63a265a228097de9e35b79d25b498bd8c1d79ac13f5dbeb

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 18:04

Target

f4082c5bb04ed93beca319a8586d84a6_JaffaCakes118.dll
Size

71KB
MD5

f4082c5bb04ed93beca319a8586d84a6
SHA1

4311c78c25aafb46f8812c8d671e451511c1c681
SHA256

1838a0183e980436c63a265a228097de9e35b79d25b498bd8c1d79ac13f5dbeb
SHA512

231b25758f79147f1ba5742810013a6bb6bc6401f18046b27457cd82cfd88f91ed31e252652eeb8084e02c63a58dde872e616463d5b571131014708350329cf0
SSDEEP

1536:kFbEHJeVz3XKzPyQpav/9tiPX/Lf/Y2tVzb6rQhY+pykkSDZltBRyT:kxEHJeVzn8lgn98XLf/h9zY+4kki9U

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\toyaheyu	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\yegehiwu.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4184	rundll32.exe
4184	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 4184	380	rundll32.exe	93
PID 380 wrote to memory of 4184	380	rundll32.exe	93
PID 380 wrote to memory of 4184	380	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4082c5bb04ed93beca319a8586d84a6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4082c5bb04ed93beca319a8586d84a6_JaffaCakes118.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:4392

memory/4184-0-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/4184-3-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/4184-2-0x0000000000D10000-0x0000000000DB3000-memory.dmp

Filesize
652KB

Download
memory/4184-1-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/4184-4-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4184-5-0x0000000075C40000-0x0000000075E55000-memory.dmp

Filesize
2.1MB

Download
memory/4184-6-0x0000000075C40000-0x0000000075E55000-memory.dmp

Filesize
2.1MB

Download
memory/4184-10-0x0000000075C40000-0x0000000075E55000-memory.dmp

Filesize
2.1MB

Download
memory/4184-12-0x00000000769A0000-0x00000000769A6000-memory.dmp

Filesize
24KB

Download
memory/4184-11-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/4184-16-0x0000000075C40000-0x0000000075E55000-memory.dmp

Filesize
2.1MB

Download
memory/4184-17-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download