fa98c6f25052ce6a851148439091efad9b734b89b094b6e60610cc8b216946de

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 07:25

Target

2f7631b1d16ed2673fcd2f625cab4602_JaffaCakes118.dll
Size

152KB
MD5

2f7631b1d16ed2673fcd2f625cab4602
SHA1

ea1ebe80ad7948d36d49e7c81191f00ff7c9417c
SHA256

fa98c6f25052ce6a851148439091efad9b734b89b094b6e60610cc8b216946de
SHA512

6c65d91048b02024ee8a59ef1e4ee3fd59e291d7a812d63b47bb7995498e3a9faaf059b7ff98869160c0afb7037d25cfc51ee7b2ad9b2e939051004e7889c152
SSDEEP

3072:OMcOBW8VgdbgssPtinyOt1I4xdFArBPM1bs:OMcOBW8qAl4yzIOrxM1

Score

1^/10

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61C1B9CE-1A6F-4994-B4A4-0E7C99AD4C28}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2f7631b1d16ed2673fcd2f625cab4602_JaffaCakes118.dll"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61C1B9CE-1A6F-4994-B4A4-0E7C99AD4C28}\InprocServer32\ThreadingModel = "Apartment"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61C1B9CE-1A6F-4994-B4A4-0E7C99AD4C28}\InprocServer32	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61C1B9CE-1A6F-4994-B4A4-0E7C99AD4C28}	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3036	rundll32.exe
3036	rundll32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 3036	1712	rundll32.exe	84
PID 1712 wrote to memory of 3036	1712	rundll32.exe	84
PID 1712 wrote to memory of 3036	1712	rundll32.exe	84
PID 3036 wrote to memory of 3440	3036	rundll32.exe	56

memory/3036-0-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download