181df9363bfe1491365afe330cce8f20d8f4ceabd0fff421d6efb8b627c19440

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 17:10

Target

09c8397ce1032633a09515aaccd4e611_JaffaCakes118.dll
Size

33KB
MD5

09c8397ce1032633a09515aaccd4e611
SHA1

9378a6832d4355930212069e92ca61db06aa143b
SHA256

181df9363bfe1491365afe330cce8f20d8f4ceabd0fff421d6efb8b627c19440
SHA512

2adc694cde1adf0ad60fa2fcd093bcd4d899a42935611fb9dca24dbd5ef7b5de9c0c1180489ad17a5ad043882013f10920391cb72cb5b8cf24c1df7adc4c9ddb
SSDEEP

768:M+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:M+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1400	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1400	948	rundll32.exe	91
PID 948 wrote to memory of 1400	948	rundll32.exe	91
PID 948 wrote to memory of 1400	948	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09c8397ce1032633a09515aaccd4e611_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09c8397ce1032633a09515aaccd4e611_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:1396