56a93a5d99f87f20550d614a987276e659d643d7253d4c2097d0004f9bc357b2

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 10:26

Target

3cffd472b3d3cd37c35d856089d078fb_JaffaCakes118.dll
Size

315KB
MD5

3cffd472b3d3cd37c35d856089d078fb
SHA1

74d300d9f4088ec652de47c0b6ff044734649162
SHA256

56a93a5d99f87f20550d614a987276e659d643d7253d4c2097d0004f9bc357b2
SHA512

6ad7c3694ae40ea5a778c1dd217ef3a670fab7945578b403370a9732b2b43dedf5701b36cd86d23054bc9621a84accc8b2239daeca532d6eee8b0914786d27f3
SSDEEP

6144:THCSKZS1eDyyWN0QQ2tBPKZjqZrYSso4zR3StnOmUKc+SkHd+T/eEBjJDc:TfKSiu0GRKxAs7RAz5cydQ/eetw

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5076	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 5076	5020	rundll32.exe	83
PID 5020 wrote to memory of 5076	5020	rundll32.exe	83
PID 5020 wrote to memory of 5076	5020	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cffd472b3d3cd37c35d856089d078fb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cffd472b3d3cd37c35d856089d078fb_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5076

memory/5076-0-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download
memory/5076-1-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download