d00e16738aab24004d45f7ec1f705c0cdc149b4f1289c8195fcf6a6d30f04183

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 10:26

Target

f58f3dea0dd2d0e252bacf40ded82984_JaffaCakes118.dll
Size

32KB
MD5

f58f3dea0dd2d0e252bacf40ded82984
SHA1

b606b435191f1d1f1a2407aaee2bebdaf5e49180
SHA256

d00e16738aab24004d45f7ec1f705c0cdc149b4f1289c8195fcf6a6d30f04183
SHA512

e7227239f31c9388d01096765fb1ee768b3825be9bd4cbc0654a37deb184e850976353ef6b91a9942b227729da4fb2d9f22e4d15671bf9dc58ff97a74ccfddef
SSDEEP

768:spCmoi6qZOpQB5ZpOc06HCMH/sJ2Fvu7s9C84ZZ:sgmv6qZ4QxpP0AtH0J6O

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2928	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2928	2984	rundll32.exe	28
PID 2984 wrote to memory of 2928	2984	rundll32.exe	28
PID 2984 wrote to memory of 2928	2984	rundll32.exe	28
PID 2984 wrote to memory of 2928	2984	rundll32.exe	28
PID 2984 wrote to memory of 2928	2984	rundll32.exe	28
PID 2984 wrote to memory of 2928	2984	rundll32.exe	28
PID 2984 wrote to memory of 2928	2984	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f3dea0dd2d0e252bacf40ded82984_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f3dea0dd2d0e252bacf40ded82984_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2928

memory/2928-0-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/2928-1-0x0000000075170000-0x00000000751FD000-memory.dmp

Filesize
564KB

Download
memory/2928-2-0x00000000768D0000-0x00000000769C0000-memory.dmp

Filesize
960KB

Download