06b7d0a9dbb6c605ea2add1236926097f757b3834db42a3d4b057edb42d5385d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 15:12

Target

0e884b94e7060b5173408ca044316803_JaffaCakes118.dll
Size

35KB
MD5

0e884b94e7060b5173408ca044316803
SHA1

725778396d525413a7ac5362bb9a087f9d3975ee
SHA256

06b7d0a9dbb6c605ea2add1236926097f757b3834db42a3d4b057edb42d5385d
SHA512

5edd0d39dd6fe40496f1af152fad573ae5e710b7da0fb43c22e02051edc931ccef769f5be45f8d0441199368b9b6c596aec4e00b3f3349021ce8f857c34be2b3
SSDEEP

384:HVpbrqlefcrUi0vdfgpW5r69p/jNTCfijcb0LYQPBFEMx:1dqsf0Ui01fgpcOpgijNLYQ7EM

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2488	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2488	2052	rundll32.exe	28
PID 2052 wrote to memory of 2488	2052	rundll32.exe	28
PID 2052 wrote to memory of 2488	2052	rundll32.exe	28
PID 2052 wrote to memory of 2488	2052	rundll32.exe	28
PID 2052 wrote to memory of 2488	2052	rundll32.exe	28
PID 2052 wrote to memory of 2488	2052	rundll32.exe	28
PID 2052 wrote to memory of 2488	2052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e884b94e7060b5173408ca044316803_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e884b94e7060b5173408ca044316803_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2488

memory/2488-1-0x0000000010012000-0x0000000010013000-memory.dmp

Filesize
4KB

Download
memory/2488-0-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download