3ecc6d8b7df89c5bb8492157f13576dde90c58773fb4eb22cb5463e1bf2b4f16

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 20:14

Target

f43e0fad34410bb77215f080298a2ec0_JaffaCakes118.dll
Size

546KB
MD5

f43e0fad34410bb77215f080298a2ec0
SHA1

ae6c38a391b773c6195ca5682e0c1aca919dea18
SHA256

3ecc6d8b7df89c5bb8492157f13576dde90c58773fb4eb22cb5463e1bf2b4f16
SHA512

d92b6142d3074f2fb60f482c522e7ce8114e60e0ee7d1cfc0beae8a302fe4e911d376c2a86c48233763de14440bb0c9936b1f92570b2ce7380fae1dfa4556c60
SSDEEP

6144:39ZLk6KDpBVnwU47/cadCW8/Sb+YvLrhk1dlm7twdWgGJSfAEIsj7kBY1vbrofnL:tG6+rnwtvQAucxWjZnkBusPkni0yShg

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\twisys.ini	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2912	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2912	2900	rundll32.exe	28
PID 2900 wrote to memory of 2912	2900	rundll32.exe	28
PID 2900 wrote to memory of 2912	2900	rundll32.exe	28
PID 2900 wrote to memory of 2912	2900	rundll32.exe	28
PID 2900 wrote to memory of 2912	2900	rundll32.exe	28
PID 2900 wrote to memory of 2912	2900	rundll32.exe	28
PID 2900 wrote to memory of 2912	2900	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f43e0fad34410bb77215f080298a2ec0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f43e0fad34410bb77215f080298a2ec0_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:2912

C:\Windows\twisys.ini

Filesize
15B

MD5
f76b79ad78d2c7c08e33c53798efd7ab

SHA1
40e3ed279bb7e37b7e37c62ad9b7183f81234ca2

SHA256
3c9fee212611cf3dde2fcc18e09e3811a37c6bc2eb4b542d1006f96601dfa04c

SHA512
7aebfa69e2b70d647f64ed912ca6d5ae881d4df6679cac303c67a69abce98f4ef5d185b0c07efbe5fb67ee9453311f58a3ac50272889f59ba73e3c45ba667647

Download Submit
memory/2912-0-0x00000000002E0000-0x000000000036D000-memory.dmp

Filesize
564KB

Download