e311b2f9ed27274943294a24ae00c3cd9eb26c0ab5bc7baef34b030f10d7412f

Analysis

max time kernel
140s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 22:17

Target

6503375d69bbf0235ea03cc1bc5a286a_JaffaCakes118.dll
Size

318KB
MD5

6503375d69bbf0235ea03cc1bc5a286a
SHA1

5c714505011c03b58fa107ea43efdf805d5e8863
SHA256

e311b2f9ed27274943294a24ae00c3cd9eb26c0ab5bc7baef34b030f10d7412f
SHA512

104a4ed77b09247b86325a465fe9fc5fa98fcd537a6baa4c2bf425acf60aab9762023dfacb4dfae68be92ce999698b84af0b66e4058e61f69313803425f5ddf9
SSDEEP

6144:mvDDHy5z2wg9btsWXxntETMF4efN3VnlfxG4x+7UX9lwdpPbkg8TF+8G:GDS5zng5+8n8vMVlZF+7UTUTkg8R+8G

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4996	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 4996	4936	rundll32.exe	84
PID 4936 wrote to memory of 4996	4936	rundll32.exe	84
PID 4936 wrote to memory of 4996	4936	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6503375d69bbf0235ea03cc1bc5a286a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6503375d69bbf0235ea03cc1bc5a286a_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4996

memory/4996-0-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download