14cce9a0ddb1a72ce2b15abd89382d3e3b5fbe213392706b3a22f37f446b1ebe

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 02:02

Target

29a922408a9b4296b942236163813633_JaffaCakes118.dll
Size

65KB
MD5

29a922408a9b4296b942236163813633
SHA1

6e889e1286d852637539cd61f07862e8279fb7b0
SHA256

14cce9a0ddb1a72ce2b15abd89382d3e3b5fbe213392706b3a22f37f446b1ebe
SHA512

c26b6a9b45d189653713c9e54d841a43bbade81992a3080f796e23d1110c512b9e4c773f60d015da110facb8a0fb466678dfed0c420dceb0a83b2635e5479ea4
SSDEEP

1536:YSls8NaW57/9mzY4WC1c+NrD84rmE4CjbpEBbEH:FRIw/ZC1c+NrV94sb2BbEH

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2824	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2824	4960	rundll32.exe	82
PID 4960 wrote to memory of 2824	4960	rundll32.exe	82
PID 4960 wrote to memory of 2824	4960	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29a922408a9b4296b942236163813633_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29a922408a9b4296b942236163813633_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2824

memory/2824-2-0x00000000008A0000-0x000000000092C000-memory.dmp

Filesize
560KB

Download
memory/2824-1-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2824-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2824-3-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download