b116b159061bc46a2a19545c1248f93192913439bc6408568590f73f6825fa84

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 12:03

Target

6082ee6c1072f5d9319e4a96d4d71b1b_JaffaCakes118.dll
Size

32KB
MD5

6082ee6c1072f5d9319e4a96d4d71b1b
SHA1

8cfda7ac284c0a47af302cdcfe303c5c9ba19528
SHA256

b116b159061bc46a2a19545c1248f93192913439bc6408568590f73f6825fa84
SHA512

da45bfe99e272ab4f8ac0254e12733755a234cfb62a8cfb1dc4a4c60e4410ab641d01f306895bd65f45e233072b204a39828627f38e090f3ea1906a5f96eb275
SSDEEP

384:ZxTfL8ZQaoTvB26lVG5EmlkxyeG3AJJuvQ0TgO7Ekq:ZN9aoTvE6VGGe3AJJR0TgOwD

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3744	rundll32.exe
3744	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 3744	4240	rundll32.exe	84
PID 4240 wrote to memory of 3744	4240	rundll32.exe	84
PID 4240 wrote to memory of 3744	4240	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6082ee6c1072f5d9319e4a96d4d71b1b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6082ee6c1072f5d9319e4a96d4d71b1b_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3744