fbf597174381687395f83ad57a9ce1e0e7da2b1b6b2806b684ab3b08aa740fcf

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:12

Target

366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
Size

86KB
MD5

366685879fdd00a325ac95a67839a51e
SHA1

e93b4b37085ca724b868d4e56205ec6493de086f
SHA256

fbf597174381687395f83ad57a9ce1e0e7da2b1b6b2806b684ab3b08aa740fcf
SHA512

70dab15401e873352b9d95223594427bca9050f256087f8fb15032578e037fb1f446714f87f23c6ce4333c9fad7cbc70dae2239614dccfb705b5b0d715cceb55
SSDEEP

1536:bq+dX5z9lhsRbarmsapZyWK+0IStWJ+xruajIDUsL+JjiHq0VaO1FsPRFDmu+Tx:bbdRhsRwmsmB4tCailUsLHq0VaODQW

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

rundll32.exe

pid process

4068 rundll32.exe
4068 rundll32.exe

pid	process
4068	rundll32.exe
4068	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3992 wrote to memory of 4068	3992	rundll32.exe	rundll32.exe
PID 3992 wrote to memory of 4068	3992	rundll32.exe	rundll32.exe
PID 3992 wrote to memory of 4068	3992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:4068

memory/4068-0-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/4068-1-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/4068-3-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/4068-4-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download