08fd9e58621b57895811791b6b5dbe5e180488723d1426a9f9def35259842ce6

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 21:11

Target

64d225a757686db6263e5df919e9dfd6_JaffaCakes118.dll
Size

264KB
MD5

64d225a757686db6263e5df919e9dfd6
SHA1

5678ced83018dfdb1566ea111b6bd79a43026643
SHA256

08fd9e58621b57895811791b6b5dbe5e180488723d1426a9f9def35259842ce6
SHA512

f8739957cbeb50328510e3e5bfaea2c0027f2797dbaaab01641dad2cf39fb0782cb005de4b6e6d58ffaa35ea8e838650a76d79aa9288a9c18e1cb1bb893f47e9
SSDEEP

6144:WH9SaNhxIYfRRMxVUvdQK6uB9r9HiKuEyeF3yb3L:cXNhxFRcodQS90b7

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\winmm.dll	rundll32.exe
File opened for modification	C:\Windows\winmm.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2304	rundll32.exe
2304	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2304	2672	rundll32.exe	84
PID 2672 wrote to memory of 2304	2672	rundll32.exe	84
PID 2672 wrote to memory of 2304	2672	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d225a757686db6263e5df919e9dfd6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d225a757686db6263e5df919e9dfd6_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2304

memory/2304-3-0x0000000000BD0000-0x0000000000BF0000-memory.dmp

Filesize
128KB

Download
memory/2304-11-0x0000000002AA0000-0x0000000002AC0000-memory.dmp

Filesize
128KB

Download