ba41b7a8b19723cc523ba821ad490731ed57c99759e8ef21c15e994525d690ff

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 17:30

Target

3e3dcfe622dfc2043d64739e084c88c6_JaffaCakes118.dll
Size

16KB
MD5

3e3dcfe622dfc2043d64739e084c88c6
SHA1

514e88af1f1abb3a87aaa0e3d48a06cab0c4b4eb
SHA256

ba41b7a8b19723cc523ba821ad490731ed57c99759e8ef21c15e994525d690ff
SHA512

2e45d91adb4d31af006d869a3ae9378fb582f0bb0392d008d1921520149261672cae3f07a1c82e91f877af9c0b1028661b66c6502348da70ff08ee48a47aa009
SSDEEP

384:oJpXXDUmWfc///1YZGOaLZhHeKudUpvKO:o/XDUmuc9Y/aLZhH0iK

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2844	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2844	2204	rundll32.exe	83
PID 2204 wrote to memory of 2844	2204	rundll32.exe	83
PID 2204 wrote to memory of 2844	2204	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e3dcfe622dfc2043d64739e084c88c6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e3dcfe622dfc2043d64739e084c88c6_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2844

memory/2844-0-0x0000000006000000-0x0000000006010000-memory.dmp

Filesize
64KB

Download
memory/2844-1-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/2844-2-0x0000000006000000-0x0000000006010000-memory.dmp

Filesize
64KB

Download