c7cc239f0eb455afc9f192cbd2bcbc6f5faecc2756b705640de63c0fea7f3a24

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
23/06/2024, 22:33

Target

0310d16014c5fb160535e3db42a1e0d6_JaffaCakes118.dll
Size

100KB
MD5

0310d16014c5fb160535e3db42a1e0d6
SHA1

dd3dce4d20953b9d10e18d3450852f5437adfd49
SHA256

c7cc239f0eb455afc9f192cbd2bcbc6f5faecc2756b705640de63c0fea7f3a24
SHA512

fa256695b845954de37a81299f433d7659f09c06673cc3bc71ebc949e002539b99a21d674bf1020d19760862acbae025beeafddd4630a7b09904ea1145360f5d
SSDEEP

1536:Dnys5590LogsjTKSH7E+tDSpx9hqBqF3KlBniV14ba:Dnym59Qogsa+tDSpfh1F3KlBni6a

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
656	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 656	3000	rundll32.exe	83
PID 3000 wrote to memory of 656	3000	rundll32.exe	83
PID 3000 wrote to memory of 656	3000	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0310d16014c5fb160535e3db42a1e0d6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0310d16014c5fb160535e3db42a1e0d6_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:656