7241396c7e1c0464533683d9e2daf34605f394bbf5f7a269c8901340c8da87d0

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 03:59

Target

4820485830d650d41af4e812e55a9aa1_JaffaCakes118.dll
Size

32KB
MD5

4820485830d650d41af4e812e55a9aa1
SHA1

8e27e6945acf28764b7ce3098f6f085e987d4be2
SHA256

7241396c7e1c0464533683d9e2daf34605f394bbf5f7a269c8901340c8da87d0
SHA512

c92b37b9fb42b3018bd11c3d9baaad1bfcbc40ac31e58cfbf80fbbd1e397ac0cc5be0b4929a59936e0fbb9ff35e591c6e0a41533e861f2723bbaaaf20c90db0e
SSDEEP

384:ay/+H/oZGzkkznR0l7QczSBX5mNtftxD/k:nywQTnR05Qc2BJmNbxD/k

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3400	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3400	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 1096	4936	regsvr32.exe	83
PID 4936 wrote to memory of 1096	4936	regsvr32.exe	83
PID 4936 wrote to memory of 1096	4936	regsvr32.exe	83
PID 1096 wrote to memory of 3400	1096	regsvr32.exe	85
PID 1096 wrote to memory of 3400	1096	regsvr32.exe	85
PID 1096 wrote to memory of 3400	1096	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4820485830d650d41af4e812e55a9aa1_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4820485830d650d41af4e812e55a9aa1_JaffaCakes118.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1096
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\4820485830d650d41af4e812e55a9aa1_JaffaCakes118.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3400