09ab46215775d77ba937d3963983d773b651aff1d3950465f185ed7ccd60a106

Analysis

max time kernel
141s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 14:16

Target

090025c9e267ee5c3bd46f2ed395a370_JaffaCakes118.dll
Size

156KB
MD5

090025c9e267ee5c3bd46f2ed395a370
SHA1

e8f7aa208033c9c791c362dc128c8ed2f6451bc2
SHA256

09ab46215775d77ba937d3963983d773b651aff1d3950465f185ed7ccd60a106
SHA512

e0f2b86c2e71c0746f26b984576817c0050bc975cc8ad51c98bbe2a47c48e46c0a2f6ddade9bfa921f48fd5e13cf91f3e5a81815404c3bfa56bd71294be1bf51
SSDEEP

3072:6xTXSdg/ffGuUuxkR/1E5dC2Jib5SzQkV8mhLLuEh0G:Qgg/fOlr8dXJi4VxhPuEhL

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
1	2960	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2960	rundll32.exe
2960	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2960	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2960	2196	rundll32.exe	91
PID 2196 wrote to memory of 2960	2196	rundll32.exe	91
PID 2196 wrote to memory of 2960	2196	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\090025c9e267ee5c3bd46f2ed395a370_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\090025c9e267ee5c3bd46f2ed395a370_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3628

memory/2960-1-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/2960-2-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download