1e96bb5b6683c0061e77821db787184f6c15696414c6fb71792392f79bba2d15

Analysis

max time kernel
32s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 08:41

Target

4515e5d21f61dd9bcaadf9094948e57b_JaffaCakes118.dll
Size

120KB
MD5

4515e5d21f61dd9bcaadf9094948e57b
SHA1

56b41d6edb0ffea9ebec070649ccb542dadbb625
SHA256

1e96bb5b6683c0061e77821db787184f6c15696414c6fb71792392f79bba2d15
SHA512

31270f550a8a5041762d05efbe595bc7b805fbcd58d497d1d60b8f2414bae1223862e1a8d4d1f6de9da62adf53b436066bbe8f5c2cf8456b2bbd301936195880
SSDEEP

3072:deYZ6FCLi/bbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7Dzt0y:dxZ4wQwvP6bQ7yMP+DE827Pb

Score

1^/10

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 2988	3604	rundll32.exe	82
PID 3604 wrote to memory of 2988	3604	rundll32.exe	82
PID 3604 wrote to memory of 2988	3604	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4515e5d21f61dd9bcaadf9094948e57b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4515e5d21f61dd9bcaadf9094948e57b_JaffaCakes118.dll,#1
  2⤵
  - Modifies registry class
  PID:2988

memory/2988-0-0x0000000000750000-0x0000000000779000-memory.dmp

Filesize
164KB

Download
memory/2988-1-0x0000000000750000-0x0000000000779000-memory.dmp

Filesize
164KB

Download
memory/2988-2-0x00000000007B0000-0x00000000007E0000-memory.dmp

Filesize
192KB

Download
memory/2988-5-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/2988-8-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/2988-10-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/2988-9-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/2988-7-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2988-6-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2988-4-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2988-3-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download