ecf3700717f073b4e288cb1f0609c63eae6a705f6cf02164aaa1e678dace62c9

Analysis

max time kernel
32s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 09:59

Target

3cea6d11244f25a953ccc985a79f4e80_JaffaCakes118.dll
Size

319KB
MD5

3cea6d11244f25a953ccc985a79f4e80
SHA1

ffacb56889fbbc316fc3c7798ccead038156d0cf
SHA256

ecf3700717f073b4e288cb1f0609c63eae6a705f6cf02164aaa1e678dace62c9
SHA512

59550114f329ac3f16f4b9ea4f35898f13fae920dceb4179524a03d9e2c9fdcb66eedbc8d4b67de289449626b02d11ba21fd98459a4b838288c7b07550c0150b
SSDEEP

6144:eD8p7vuW+GGwEEqu3jErtLKrPE2+zfDfpim2AdKryB9yuOuk2e:givF+GlTEVgEdfUm2AdKRRuk2e

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2148	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4312 wrote to memory of 2148	4312	rundll32.exe	81
PID 4312 wrote to memory of 2148	4312	rundll32.exe	81
PID 4312 wrote to memory of 2148	4312	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cea6d11244f25a953ccc985a79f4e80_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cea6d11244f25a953ccc985a79f4e80_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2148

memory/2148-0-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download