d00e16738aab24004d45f7ec1f705c0cdc149b4f1289c8195fcf6a6d30f04183

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 10:26

Target

f58f3dea0dd2d0e252bacf40ded82984_JaffaCakes118.dll
Size

32KB
MD5

f58f3dea0dd2d0e252bacf40ded82984
SHA1

b606b435191f1d1f1a2407aaee2bebdaf5e49180
SHA256

d00e16738aab24004d45f7ec1f705c0cdc149b4f1289c8195fcf6a6d30f04183
SHA512

e7227239f31c9388d01096765fb1ee768b3825be9bd4cbc0654a37deb184e850976353ef6b91a9942b227729da4fb2d9f22e4d15671bf9dc58ff97a74ccfddef
SSDEEP

768:spCmoi6qZOpQB5ZpOc06HCMH/sJ2Fvu7s9C84ZZ:sgmv6qZ4QxpP0AtH0J6O

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3508	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 3508	3312	rundll32.exe	90
PID 3312 wrote to memory of 3508	3312	rundll32.exe	90
PID 3312 wrote to memory of 3508	3312	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f3dea0dd2d0e252bacf40ded82984_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f3dea0dd2d0e252bacf40ded82984_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:568