eed5399f4c965403d8f39222e02b5635b288965b53097022371ee6750e02b5dd

Analysis

max time kernel
150s
max time network
138s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 07:50

Target

0deccfa7f97ca4d114c400f9df76fdc0_JaffaCakes118.dll
Size

178KB
MD5

0deccfa7f97ca4d114c400f9df76fdc0
SHA1

d7b2328e9716f8848fecf5dc65e63b8fb920f180
SHA256

eed5399f4c965403d8f39222e02b5635b288965b53097022371ee6750e02b5dd
SHA512

258551cc2b26819f6ba1ecb24ff63ab5a233f1535a0b0435a21c2ef2fef6bf5d2ee1ac3ee7c8b466bb10dab74a20a7dd3296b5872d48b4120a0c57f2929a24e1
SSDEEP

3072:oQdXKd8t5LZKKcoc4A1lMZdxKW+k8BHYDZ:omXXZK1ocgcW+k8B4DZ

Score

8^/10

Blocklisted process makes network request 6 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1956	rundll32.exe
Token: SeDebugPrivilege	1956	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deccfa7f97ca4d114c400f9df76fdc0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deccfa7f97ca4d114c400f9df76fdc0_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of AdjustPrivilegeToken
  PID:1956

memory/1956-3-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1956-5-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1956-8-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1956-10-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1956-13-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1956-15-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download