bdbd2f98b8c98fbdd2dd2fb3aeebb78109083df8a8d372bffe2d12fd592ddd47

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 00:19

Target

3744dcb8b8026234830b8e545149091f_JaffaCakes118.dll
Size

1.9MB
MD5

3744dcb8b8026234830b8e545149091f
SHA1

da4887cb304f21b04a0264b61d8a62f1cf6ae75e
SHA256

bdbd2f98b8c98fbdd2dd2fb3aeebb78109083df8a8d372bffe2d12fd592ddd47
SHA512

2a3a5d0df07a65053a7868b388331139fac7fc740eca9b25916fa00d5632f19c19a24c6ea8a99c28c71490e571788de2e9db18dcab006873fae823bbad44309e
SSDEEP

24576:twRx3O4H3e6Nj6apmjV3QUflk5BOScIDWZVjiu6bdYvuCnAHqQiM7hUueneGFcHH:t1dB3Q6ooS7cqb7CnAyneacHwi

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1932	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1932	2064	rundll32.exe	28
PID 2064 wrote to memory of 1932	2064	rundll32.exe	28
PID 2064 wrote to memory of 1932	2064	rundll32.exe	28
PID 2064 wrote to memory of 1932	2064	rundll32.exe	28
PID 2064 wrote to memory of 1932	2064	rundll32.exe	28
PID 2064 wrote to memory of 1932	2064	rundll32.exe	28
PID 2064 wrote to memory of 1932	2064	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3744dcb8b8026234830b8e545149091f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3744dcb8b8026234830b8e545149091f_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1932

memory/1932-0-0x0000000002170000-0x000000000235E000-memory.dmp

Filesize
1.9MB

Download