6738d4cd71e59a19766714a4480e185249dbe58910817df673bd879e2e73985f

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 10:50

Target

15b86cbe80ef05ccfd16f8b678735d53_JaffaCakes118.dll
Size

36KB
MD5

15b86cbe80ef05ccfd16f8b678735d53
SHA1

b79b6343203e2afdbe322a991828d256f0243e92
SHA256

6738d4cd71e59a19766714a4480e185249dbe58910817df673bd879e2e73985f
SHA512

be03eace04e016aac3b31949d466f6a929fe481c1d017a8fc7c0aa9e9620f0aff37b4b9a70159dcd2f6ec81c40424d00f4d6517553fc75316e2bb726b341fdca
SSDEEP

768:Q/o1HkRnToXL2awnYS708/fmci/r96aGZXodcjpEd1/aF5QM:u4HkRTOL2aGYS5/uB/rwYHcQM

Score

1^/10

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	448	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 448	2088	rundll32.exe	88
PID 2088 wrote to memory of 448	2088	rundll32.exe	88
PID 2088 wrote to memory of 448	2088	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15b86cbe80ef05ccfd16f8b678735d53_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15b86cbe80ef05ccfd16f8b678735d53_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4404,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4604 /prefetch:8
1⤵
PID:1752