c5103be175111066930048ca08fa0be1caa38d87b3dc4ffdf1596c6198fbade0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 23:46

Target

3b3303261818710cdd14592fe4198b5a_JaffaCakes118.dll
Size

764KB
MD5

3b3303261818710cdd14592fe4198b5a
SHA1

92eec0a4ba6ac3311f1b9699c07ddf23aa9be07e
SHA256

c5103be175111066930048ca08fa0be1caa38d87b3dc4ffdf1596c6198fbade0
SHA512

c955824db51cc1abb10f9c7ed4c8ed8b7e4b0696202ff0120689904f2fdf42ff21c9215504fcc7a2bb0daa0f6ccecce496c6216a06fa32fc632b8e68fe669649
SSDEEP

384:FTj4FtN6Y2diZEmhIqAHbxRdleIhKlhGJ2lhifjy:0tN67ArI3rTeIhKlgUim

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2396	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 2396	1000	rundll32.exe	31
PID 1000 wrote to memory of 2396	1000	rundll32.exe	31
PID 1000 wrote to memory of 2396	1000	rundll32.exe	31
PID 1000 wrote to memory of 2396	1000	rundll32.exe	31
PID 1000 wrote to memory of 2396	1000	rundll32.exe	31
PID 1000 wrote to memory of 2396	1000	rundll32.exe	31
PID 1000 wrote to memory of 2396	1000	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b3303261818710cdd14592fe4198b5a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b3303261818710cdd14592fe4198b5a_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2396