b01ee0a33720e9e9834f594e5ef73334082e7d968e4b996f678996227cdb2f18

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 00:42

Target

2a60ed4f16daae34683a2076437472ef_JaffaCakes118.dll
Size

61KB
MD5

2a60ed4f16daae34683a2076437472ef
SHA1

0a7ff518cbfe3c05ce45f0cdd665363d18697906
SHA256

b01ee0a33720e9e9834f594e5ef73334082e7d968e4b996f678996227cdb2f18
SHA512

80fc26d837f9c484a4fc4bc8594ea7f21278fe6b88ff0ae2886b88aeee57ef8a4cd2827085a5b2f2cdbfee0c2c26ac6cf5376b9898175c24175155c385e1071e
SSDEEP

768:Pv2CZrwc4huHkO1YAKXPCKcR16FkNooQRSmSz5HtxNF+:PF6hwYAdQOMSmSJtF+

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3436	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 3436	2824	rundll32.exe	82
PID 2824 wrote to memory of 3436	2824	rundll32.exe	82
PID 2824 wrote to memory of 3436	2824	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a60ed4f16daae34683a2076437472ef_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a60ed4f16daae34683a2076437472ef_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3436

memory/3436-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download