28294db9bc0caa87ed5de28eef22dfbf4f10fd8b6a48831cd0ce7d2f72db4448

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 14:39

Target

f8361ac056673b424c4fe754916721a2_JaffaCakes118.dll
Size

100KB
MD5

f8361ac056673b424c4fe754916721a2
SHA1

61deae19f087dd88ed3531a0328aa01e68122f5a
SHA256

28294db9bc0caa87ed5de28eef22dfbf4f10fd8b6a48831cd0ce7d2f72db4448
SHA512

fa373d9bac76385ed4704c630c149913cf691c282548a536907f384c51c1357f0b6da6427961ee4f54c53a3d79b4f6cd0c07bbe151d15635203dd526c569c799
SSDEEP

3072:Lq/rX0yIym999z+Ler4SMm89ogBOtpiXBAwZNv:Lqr9Iier1Mm89NO2Xjf

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4356	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 4356	2044	rundll32.exe	85
PID 2044 wrote to memory of 4356	2044	rundll32.exe	85
PID 2044 wrote to memory of 4356	2044	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8361ac056673b424c4fe754916721a2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8361ac056673b424c4fe754916721a2_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4356

memory/4356-0-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/4356-1-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/4356-2-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/4356-3-0x0000000000AF0000-0x0000000000C08000-memory.dmp

Filesize
1.1MB

Download
memory/4356-4-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download