195cd2faf98a20eb489ea121112138ebb684a72c8b24701a5ab5c9e1a6df21cb

Analysis

max time kernel
131s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 09:55

Target

33ff3c3b60ff17c697aa65b2188eb049_JaffaCakes118.dll
Size

28KB
MD5

33ff3c3b60ff17c697aa65b2188eb049
SHA1

bcb9237a696307eee398d719103a1d634c89275e
SHA256

195cd2faf98a20eb489ea121112138ebb684a72c8b24701a5ab5c9e1a6df21cb
SHA512

0629ef57b4932999132c573afc657c25538d89c24fa123e12e04f69f774bc79b79de7ec733d73fa2ac5781c5bced5be6339e6fc87c89ec9d62fa8530005b78f6
SSDEEP

192:S+KJA8JHpIIvy9GdpN/27oaEPSrdHFYML4o6sGJqFC4cYx6nxynYxX7251YrNoEZ:yvHI2y1bwo68TsF7GUHUKIj6w9

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	explorer.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 2144	3336	rundll32.exe	83
PID 3336 wrote to memory of 2144	3336	rundll32.exe	83
PID 3336 wrote to memory of 2144	3336	rundll32.exe	83
PID 2144 wrote to memory of 1128	2144	rundll32.exe	84
PID 2144 wrote to memory of 1128	2144	rundll32.exe	84
PID 2144 wrote to memory of 1128	2144	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33ff3c3b60ff17c697aa65b2188eb049_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33ff3c3b60ff17c697aa65b2188eb049_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Windows\SysWOW64\explorer.exe
    explorer.exe
    3⤵
    - Modifies registry class
    PID:1128