b249941fcacf92c5bc3b0fe36dd7a80b9900640053e1e9c64795344d604f154b

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 01:18

Target

eff694b496c740ed6d25cd6ace413ce4_JaffaCakes118.dll
Size

19KB
MD5

eff694b496c740ed6d25cd6ace413ce4
SHA1

b11ccbea6964e3b179582e2c8671c2f5a86726b7
SHA256

b249941fcacf92c5bc3b0fe36dd7a80b9900640053e1e9c64795344d604f154b
SHA512

217d4ecb8a937f8e7d6e08965aeeff811b1f2c6117e1659ec6fb2337f0f4e62c8e24a24de02a51b567fc51d63480994b7c7d420f2bf660b2f2bfcf8342cd7159
SSDEEP

384:OryzfhVA5jVJxWCFsMI9H2jMuKWCisZMThN8eIaZA:OryjhVA5NWCWMMWQuVsZUhOezS

Score

8^/10

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\beep.sys	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\drivers\beep.sys	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dllcache\beep.sys	rundll32.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
468	Process not Found
468	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1508	rundll32.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 1508	2264	rundll32.exe	28
PID 2264 wrote to memory of 1508	2264	rundll32.exe	28
PID 2264 wrote to memory of 1508	2264	rundll32.exe	28
PID 2264 wrote to memory of 1508	2264	rundll32.exe	28
PID 2264 wrote to memory of 1508	2264	rundll32.exe	28
PID 2264 wrote to memory of 1508	2264	rundll32.exe	28
PID 2264 wrote to memory of 1508	2264	rundll32.exe	28
PID 1508 wrote to memory of 1200	1508	rundll32.exe	21
PID 1508 wrote to memory of 1200	1508	rundll32.exe	21

C:\Users\Admin\AppData\Local\Temp\datA842.tmp

Filesize
6KB

MD5
cd5271cd7fc1d2673e7cee7f7a13680d

SHA1
dc7b4e81d9419f623fa4af223810899e337dcdad

SHA256
2e2d7a525244b506eb84338b5108b5a35f37f899c2dce1f3293b63e5b26df524

SHA512
863a7d7beab1e4a2df608bb1dbfa2793216158a2887bfe1150973ba10be13e9d5aff67af03a77ccdee019b28a1094cebc5273372ced511a576d2e8c38e8cefdb

Download Submit
memory/1200-5-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

Filesize
4KB

Download
memory/1508-1-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download
memory/1508-7-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download
memory/1508-12-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download
memory/1508-13-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download