3f1b65e59b5ed247c5fd81703e277763ec9830f4567c083944e92230e70f8cf6

Analysis

max time kernel
93s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 13:37

Target

34f13a727a6123294b3ca9237297dfaf_JaffaCakes118.dll
Size

40KB
MD5

34f13a727a6123294b3ca9237297dfaf
SHA1

c285151e9a93646e7cb389cfc63d7452c4116582
SHA256

3f1b65e59b5ed247c5fd81703e277763ec9830f4567c083944e92230e70f8cf6
SHA512

4adbbae8297c6b3f8de2f80fa15d026b491e63ae9c2c3426aecf28cd11e9743221b670dc25cdf16375d5bf611f7107ab2483184d98aaa7cb41e89164c38dfb90
SSDEEP

768:FuFpaslXIZE2xAEM9/1wAqy28ZqMbTdqM96p8M6wKsApjoXm:kFgsREp2/iNhqQM9RwpAd3

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{5C711E98-C158-9DFF-59A7-1D04997893C5}	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5C711E98-C158-9DFF-59A7-1D04997893C5}\ = "34f13a727a6"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5C711E98-C158-9DFF-59A7-1D04997893C5}\InprocServer32	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5C711E98-C158-9DFF-59A7-1D04997893C5}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\34f13a727a6123294b3ca9237297dfaf_JaffaCakes118.dll"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5C711E98-C158-9DFF-59A7-1D04997893C5}\InprocServer32\ThreadingModel = "Apartment"	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4988	4144	rundll32.exe	83
PID 4144 wrote to memory of 4988	4144	rundll32.exe	83
PID 4144 wrote to memory of 4988	4144	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34f13a727a6123294b3ca9237297dfaf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34f13a727a6123294b3ca9237297dfaf_JaffaCakes118.dll,#1
  2⤵
  - Modifies registry class
  PID:4988

memory/4988-1-0x000000007F1B0000-0x000000007F1C1000-memory.dmp

Filesize
68KB

Download
memory/4988-0-0x000000007F1D0000-0x000000007F1D9000-memory.dmp

Filesize
36KB

Download
memory/4988-2-0x000000007F1B0000-0x000000007F1C1000-memory.dmp

Filesize
68KB

Download