bbb7109c5426b1e62357f7d11b519207d24b87c1d26c0e71bc4dc40a2f2d1630

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 23:13

Target

605e510079a97c76fb6923183d16589c_JaffaCakes118.dll
Size

58KB
MD5

605e510079a97c76fb6923183d16589c
SHA1

e3bda6420cf761a8e45bc02a38de022f4f179f57
SHA256

bbb7109c5426b1e62357f7d11b519207d24b87c1d26c0e71bc4dc40a2f2d1630
SHA512

4bcbd44c75784ada5713d995bff56583362292a4eecc1821e3797ccf3dd82e1d6b67b3289184cc0c96808d85bb933883d1107ff3feec7e937bb424bf291d63aa
SSDEEP

768:ki6aw3i+9FPokTviMec1gp3nEPmRPy9EmaUSfassO+wcSDPnGMEa4:9x+9FHiH3nBPy9YfIGDvlEP

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2100	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2100	2000	rundll32.exe	30
PID 2000 wrote to memory of 2100	2000	rundll32.exe	30
PID 2000 wrote to memory of 2100	2000	rundll32.exe	30
PID 2000 wrote to memory of 2100	2000	rundll32.exe	30
PID 2000 wrote to memory of 2100	2000	rundll32.exe	30
PID 2000 wrote to memory of 2100	2000	rundll32.exe	30
PID 2000 wrote to memory of 2100	2000	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\605e510079a97c76fb6923183d16589c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\605e510079a97c76fb6923183d16589c_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2100

memory/2100-0-0x00000000001D0000-0x00000000001E2000-memory.dmp

Filesize
72KB

Download
memory/2100-3-0x0000000000210000-0x0000000000222000-memory.dmp

Filesize
72KB

Download
memory/2100-5-0x0000000076FA4000-0x0000000076FA5000-memory.dmp

Filesize
4KB

Download
memory/2100-4-0x0000000077A60000-0x0000000077A61000-memory.dmp

Filesize
4KB

Download
memory/2100-6-0x0000000000210000-0x0000000000222000-memory.dmp

Filesize
72KB

Download
memory/2100-7-0x0000000000210000-0x0000000000222000-memory.dmp

Filesize
72KB

Download
memory/2100-8-0x00000000007A0000-0x00000000007AE000-memory.dmp

Filesize
56KB

Download
memory/2100-9-0x0000000076F90000-0x00000000770A0000-memory.dmp

Filesize
1.1MB

Download