05059245a6bda75c25c1ed1ddd9a8d81f3bd17177ab4531213b029493a081574

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 01:31

Target

01b897b3d6a2feef69db48e0c0a8c2b2_JaffaCakes118.dll
Size

44KB
MD5

01b897b3d6a2feef69db48e0c0a8c2b2
SHA1

a9f2cf145065d7ddd782f40e6f39439893564229
SHA256

05059245a6bda75c25c1ed1ddd9a8d81f3bd17177ab4531213b029493a081574
SHA512

b1758806f3334e566b9edde30832db20e32539bdd9b458cb5b9bd087f0e5861b025bd40cff21e0cb2446d6cac9cecde7a47b83b763802e160489408e8bc029e2
SSDEEP

768:NPpkavYvuhmaGJk2T7+Pg/g0jWAK4vmhvgLa1O:Ni+caGJTT7ug/gFAKgLLao

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4288	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4288	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 988	940	regsvr32.exe	82
PID 940 wrote to memory of 988	940	regsvr32.exe	82
PID 940 wrote to memory of 988	940	regsvr32.exe	82
PID 988 wrote to memory of 4288	988	regsvr32.exe	83
PID 988 wrote to memory of 4288	988	regsvr32.exe	83
PID 988 wrote to memory of 4288	988	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01b897b3d6a2feef69db48e0c0a8c2b2_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:940
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\01b897b3d6a2feef69db48e0c0a8c2b2_JaffaCakes118.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:988
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\01b897b3d6a2feef69db48e0c0a8c2b2_JaffaCakes118.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4288