eed5399f4c965403d8f39222e02b5635b288965b53097022371ee6750e02b5dd

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 07:50

Target

0deccfa7f97ca4d114c400f9df76fdc0_JaffaCakes118.dll
Size

178KB
MD5

0deccfa7f97ca4d114c400f9df76fdc0
SHA1

d7b2328e9716f8848fecf5dc65e63b8fb920f180
SHA256

eed5399f4c965403d8f39222e02b5635b288965b53097022371ee6750e02b5dd
SHA512

258551cc2b26819f6ba1ecb24ff63ab5a233f1535a0b0435a21c2ef2fef6bf5d2ee1ac3ee7c8b466bb10dab74a20a7dd3296b5872d48b4120a0c57f2929a24e1
SSDEEP

3072:oQdXKd8t5LZKKcoc4A1lMZdxKW+k8BHYDZ:omXXZK1ocgcW+k8B4DZ

Score

8^/10

Blocklisted process makes network request 6 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1848	rundll32.exe
Token: SeDebugPrivilege	1848	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 1848	4152	rundll32.exe	83
PID 4152 wrote to memory of 1848	4152	rundll32.exe	83
PID 4152 wrote to memory of 1848	4152	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deccfa7f97ca4d114c400f9df76fdc0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deccfa7f97ca4d114c400f9df76fdc0_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of AdjustPrivilegeToken
  PID:1848

memory/1848-0-0x00000000007F0000-0x0000000000821000-memory.dmp

Filesize
196KB

Download
memory/1848-4-0x00000000007F0000-0x0000000000821000-memory.dmp

Filesize
196KB

Download
memory/1848-6-0x00000000007F0000-0x0000000000821000-memory.dmp

Filesize
196KB

Download
memory/1848-9-0x00000000007F0000-0x0000000000821000-memory.dmp

Filesize
196KB

Download
memory/1848-11-0x00000000007F0000-0x0000000000821000-memory.dmp

Filesize
196KB

Download
memory/1848-13-0x00000000007F0000-0x0000000000821000-memory.dmp

Filesize
196KB

Download
memory/1848-16-0x00000000007F0000-0x0000000000821000-memory.dmp

Filesize
196KB

Download