8463667d8208795d277cf0d7e0082a6b6ca233291ecc9297268bbc99c2711871

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 00:15

Target

4765ed8a5d5c94c6dc26d9da13214e8c_JaffaCakes118.dll
Size

314KB
MD5

4765ed8a5d5c94c6dc26d9da13214e8c
SHA1

32d705c363656aa8f86769d5409f5d3d4c122ef8
SHA256

8463667d8208795d277cf0d7e0082a6b6ca233291ecc9297268bbc99c2711871
SHA512

158fd46023ae88253a35c7e64553e5e6d959c7d5af80363a80b9cf289188d992a697198340c01773647528233ff53dc836365c2d8c0b270ec68ee500e7ecc06e
SSDEEP

6144:iMjsycyX7bweBe/K6iCI5adO/WwkfiKTAQE6MIA+3NUSS/:iMjsycC47iCI5oqPc5MIx6SS/

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2476	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 2476	3304	rundll32.exe	83
PID 3304 wrote to memory of 2476	3304	rundll32.exe	83
PID 3304 wrote to memory of 2476	3304	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4765ed8a5d5c94c6dc26d9da13214e8c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4765ed8a5d5c94c6dc26d9da13214e8c_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2476

memory/2476-0-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download