1318d533c2ab75708032f098b28ace8d8264ae4dde2183c223798c799454305c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 16:24

Target

63e886f0da07b75b15b56b00ce22a65f_JaffaCakes118.dll
Size

315KB
MD5

63e886f0da07b75b15b56b00ce22a65f
SHA1

ae972b320e618989f52a153618f6fa9a22f85011
SHA256

1318d533c2ab75708032f098b28ace8d8264ae4dde2183c223798c799454305c
SHA512

27c1ac43793f63240478c7851fc19f690bddded4ea979ea614fcf23cd3240e5bbe41cd225a9416c3bb5ce09cbb6f6f3e724f3957bafccfa41e5ca7fe298b61a7
SSDEEP

6144:PlBKfPhM2HpUx1f8FaOTdwUCFIVtrI8XW6+h4x3NE0sHYMNnVLFGdYharsnx:NWP9ps6aOBzW8m6+hi3T8YStdhJx

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2848	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 2848	4192	rundll32.exe	84
PID 4192 wrote to memory of 2848	4192	rundll32.exe	84
PID 4192 wrote to memory of 2848	4192	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63e886f0da07b75b15b56b00ce22a65f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63e886f0da07b75b15b56b00ce22a65f_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2848

memory/2848-0-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download