3cf78a6d0244c33a14905f91f9912e2c7255c3247313456ca4eec93a7839abbd

Analysis

max time kernel
132s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 23:46

Target

77363996b2b67f31b9c7d99913a6a192_JaffaCakes118.dll
Size

192KB
MD5

77363996b2b67f31b9c7d99913a6a192
SHA1

209427e5780d41bf512483b89f9b97b1d23d8835
SHA256

3cf78a6d0244c33a14905f91f9912e2c7255c3247313456ca4eec93a7839abbd
SHA512

51d5735a6d2557f2f19f5c0627a37f6effc56b0627e8843afdd0c33013bf07c42c511c100af54eacc26867e2c157145345a6559c4d181df6023a7c68cd53c455
SSDEEP

3072:8+4wi6QVNbGTiDA9+/eA72Rd5DdYneSP2WjT7TG3dzpp9ZjdsHQT:li3VIWBF2Rd5DyneSP20EViw

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

rundll32.exe

description	pid	Process
Token: SeDebugPrivilege	4728	rundll32.exe
Token: SeTcbPrivilege	4728	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 3888 wrote to memory of 4728	3888	rundll32.exe	91
PID 3888 wrote to memory of 4728	3888	rundll32.exe	91
PID 3888 wrote to memory of 4728	3888	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77363996b2b67f31b9c7d99913a6a192_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77363996b2b67f31b9c7d99913a6a192_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4104,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
1⤵
PID:2172