3e9a702bb6f63bb6f53bde40c61b27e645b32fcfc22ba6b2bd86cb9892d85c65

Analysis

max time kernel
141s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 18:25

Target

0a1e08ab193b9e219e645959baae15cc_JaffaCakes118.dll
Size

80KB
MD5

0a1e08ab193b9e219e645959baae15cc
SHA1

b55722042171151e7cc3680b086d5d97c5858ccb
SHA256

3e9a702bb6f63bb6f53bde40c61b27e645b32fcfc22ba6b2bd86cb9892d85c65
SHA512

bf375c922ef9ca9ddf667a3dbce35373db6d345901ad9ade93cfcb5afb17dd656699d26e02a77bdfa00b8c01f546d47cf3e8df81a46686e583f4f5710a25048b
SSDEEP

1536:vkLciCBVJ8BrPK/WPcIMeitBNZfQZ/uiQ0WMWMN11arJ5qjBgQGfC2b1dVC0CGj:vkL7CBVJiPK/WQTS/s0WMnN11i5q1qa6

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1436	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1436	2736	rundll32.exe	82
PID 2736 wrote to memory of 1436	2736	rundll32.exe	82
PID 2736 wrote to memory of 1436	2736	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a1e08ab193b9e219e645959baae15cc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a1e08ab193b9e219e645959baae15cc_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1436

memory/1436-1-0x0000000000990000-0x0000000000995000-memory.dmp

Filesize
20KB

Download
memory/1436-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1436-2-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1436-3-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1436-5-0x0000000000990000-0x0000000000995000-memory.dmp

Filesize
20KB

Download