f35cb94355e83769a5862a780d0dad1cb9d7e4c9eb329b6adea55f50d2c89169

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 02:49

Target

0c2406c0d08e95ac59e5d9de4b2cc366_JaffaCakes118.dll
Size

307KB
MD5

0c2406c0d08e95ac59e5d9de4b2cc366
SHA1

12a0068899b2ce5a28ff744259fa5a139ec8fe0c
SHA256

f35cb94355e83769a5862a780d0dad1cb9d7e4c9eb329b6adea55f50d2c89169
SHA512

970a978b81f39b9b64a147f895b3b25c57af4a49aa9628770ea568ed757a304a5731df657001b96b7951a3b6ad60eaf2345073425d23ddf1d046f3169a37a644
SSDEEP

6144:OTF+itsxsCPF0vNGwgsV5GebzRceV47K+nWsoL19X2Q8a:OTF+iCxsoWxgw5zdp47Zn1Q8a

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2996	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2996	2928	rundll32.exe	28
PID 2928 wrote to memory of 2996	2928	rundll32.exe	28
PID 2928 wrote to memory of 2996	2928	rundll32.exe	28
PID 2928 wrote to memory of 2996	2928	rundll32.exe	28
PID 2928 wrote to memory of 2996	2928	rundll32.exe	28
PID 2928 wrote to memory of 2996	2928	rundll32.exe	28
PID 2928 wrote to memory of 2996	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c2406c0d08e95ac59e5d9de4b2cc366_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c2406c0d08e95ac59e5d9de4b2cc366_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2996

memory/2996-0-0x000000001009D000-0x000000001009E000-memory.dmp

Filesize
4KB

Download
memory/2996-1-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download