72e5e72bb4631e93e914e6276ce1e0914e4326597c4a39c31e7315d7965f2fc2

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 15:39

Target

5c918883d448579a33ef17b0cf94ce99_JaffaCakes118.dll
Size

161KB
MD5

5c918883d448579a33ef17b0cf94ce99
SHA1

be754028de9318664770815903683205891c6dfa
SHA256

72e5e72bb4631e93e914e6276ce1e0914e4326597c4a39c31e7315d7965f2fc2
SHA512

487c8058ff33374baf76c5b5030b528225e291e4309578245780831449e0b91485c1ecf51c4846629b9a1c7db75ed114932d2fa5a372e1b75e170c40faa5316b
SSDEEP

3072:P7Okmvfm396HM0XU+aDembri59tuvdZhhL/H0XpmT9a5ZyYaCeNbX:jQXWn+aCP0vdZhhL0MTEhafBX

Score

1^/10

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3156	5036	rundll32.exe	84
PID 5036 wrote to memory of 3156	5036	rundll32.exe	84
PID 5036 wrote to memory of 3156	5036	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c918883d448579a33ef17b0cf94ce99_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c918883d448579a33ef17b0cf94ce99_JaffaCakes118.dll,#1
  2⤵
  - Modifies registry class
  PID:3156

memory/3156-0-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download
memory/3156-1-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

Filesize
212KB

Download
memory/3156-3-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/3156-4-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/3156-2-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download