b977834859daa4239d29726b7528060fd4baaaf8b4e2b115be396c3e8fb175a2

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 06:36

Target

33aea6811195cfcde8922a2845613cd3_JaffaCakes118.dll
Size

44KB
MD5

33aea6811195cfcde8922a2845613cd3
SHA1

5735bb00a2b25b3721441eaa578918ab9ddf7941
SHA256

b977834859daa4239d29726b7528060fd4baaaf8b4e2b115be396c3e8fb175a2
SHA512

e48c5cb04096be1ba2e9479c624a23acf932e9ba1876d5b08b65fecc8556fb1fe57387082441fec99b6b2f3a66c2a444a549afcc03d0a6fd71da23a529c637dd
SSDEEP

768:apkavnUPnnpShoXOhcG+ujHvgGgLa18h4vv:JUKdXOtXjP2LaNH

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4108	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4108	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 1476	4696	regsvr32.exe	81
PID 4696 wrote to memory of 1476	4696	regsvr32.exe	81
PID 4696 wrote to memory of 1476	4696	regsvr32.exe	81
PID 1476 wrote to memory of 4108	1476	regsvr32.exe	83
PID 1476 wrote to memory of 4108	1476	regsvr32.exe	83
PID 1476 wrote to memory of 4108	1476	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\33aea6811195cfcde8922a2845613cd3_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\33aea6811195cfcde8922a2845613cd3_JaffaCakes118.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\33aea6811195cfcde8922a2845613cd3_JaffaCakes118.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4108