132cc7b600b1533c4b92daeb52cf2a9839d0e46e18e758a3fc0141404a69ac88

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 14:37

Target

7d51db42fce71b58f986c190cfd0d518_JaffaCakes118.dll
Size

30KB
MD5

7d51db42fce71b58f986c190cfd0d518
SHA1

f628b36d68d46c9f5cb4ea54c698a3c3bc6bf0aa
SHA256

132cc7b600b1533c4b92daeb52cf2a9839d0e46e18e758a3fc0141404a69ac88
SHA512

17d90bb4177352c93231f24aaf5b2a5307471b9a895afbdaedb4af72efa73e4f9a22cfeaa0a00dcb8946803bfc649899e3aa552f5af82403021c1f247e7387e6
SSDEEP

768:zaQhqMOlXGkWMhS3Ysy4qsAOZhd8yOe1C:zRrKXGOS3Y3OZoI1C

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2472	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d51db42fce71b58f986c190cfd0d518_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d51db42fce71b58f986c190cfd0d518_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2472