1597e0f678dd61a265e73851022ca014b901bca0c40a07ac795a2fa7ff35da2a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 16:47

Target

ede587b3f94bcc66f403f946637c5581_JaffaCakes118.dll
Size

31KB
MD5

ede587b3f94bcc66f403f946637c5581
SHA1

f619154b944abf7b866b7891e4078a967fca5ae6
SHA256

1597e0f678dd61a265e73851022ca014b901bca0c40a07ac795a2fa7ff35da2a
SHA512

d3937f8a24636ab6ee68609d8542909a2840dc5ae47f2255f5aa6f8e0b69d1a0a5c4cb986714eef8392b5f50f7397f8fa93288df97c9ca2f8ad76a9fbaaf65e6
SSDEEP

384:KwvrLBylNDHiHywtNgBygSM4PswSjQsH+gGZIEy2Og9A:DDFy/DCHywE091PfqxH+RZfb9A

Score

5^/10

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\hjk.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\hjk.dll	rundll32.exe
File created	C:\Windows\SysWOW64\gjbhr.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\gjbhr.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Suspicious use of AdjustPrivilegeToken 4 IoCs

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2280	3060	rundll32.exe	28
PID 3060 wrote to memory of 2280	3060	rundll32.exe	28
PID 3060 wrote to memory of 2280	3060	rundll32.exe	28
PID 3060 wrote to memory of 2280	3060	rundll32.exe	28
PID 3060 wrote to memory of 2280	3060	rundll32.exe	28
PID 3060 wrote to memory of 2280	3060	rundll32.exe	28
PID 3060 wrote to memory of 2280	3060	rundll32.exe	28
PID 2280 wrote to memory of 1256	2280	rundll32.exe	21
PID 2280 wrote to memory of 1256	2280	rundll32.exe	21
PID 2280 wrote to memory of 1016	2280	rundll32.exe	17
PID 2280 wrote to memory of 1016	2280	rundll32.exe	17

memory/1256-2-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download