f2420f3814a89e21423a63a964a69fdd77105b8a942ccdfa1587f18c12ba1bf4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 07:51

Target

252d085e77cf49047da542eb5c82e287_JaffaCakes118.dll
Size

15KB
MD5

252d085e77cf49047da542eb5c82e287
SHA1

93d10e8930dfd6b7233795f88867c08799974771
SHA256

f2420f3814a89e21423a63a964a69fdd77105b8a942ccdfa1587f18c12ba1bf4
SHA512

3dd74405ab5e0dc35cee997d748f7c78b1d73fe4ced15736009442959fd403c94ec888aaf5bab9fd1039247871d510967f096f09892f1bc0101bacba9bac560d
SSDEEP

192:fHQPdb92+DpUun7gTjC4QOBzKboivhK4hmSdHyX4S2HW1pizo9+n4:PkTU87gTjC4QSwKAykW1Qzo9+4

Score

1^/10

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{68F7767A-090C-4BBF-A015-720ACC6706E2}	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{68F7767A-090C-4BBF-A015-720ACC6706E2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\252d085e77cf49047da542eb5c82e287_JaffaCakes118.dll"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{68F7767A-090C-4BBF-A015-720ACC6706E2}\InprocServer32\ThreadingModel = "Apartment"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{68F7767A-090C-4BBF-A015-720ACC6706E2}\InprocServer32	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3708	rundll32.exe
3708	rundll32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 3708	4044	rundll32.exe	82
PID 4044 wrote to memory of 3708	4044	rundll32.exe	82
PID 4044 wrote to memory of 3708	4044	rundll32.exe	82
PID 3708 wrote to memory of 3512	3708	rundll32.exe	56

memory/3708-0-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download