b4a4a604058f6ffee59abf2f683c8330d8bb748632ae30dc26c57ce99c6625b3 | Triage

Analysis

max time kernel
51s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 15:38

Sharing

Report Analysis Logs

General

Target

168de29dafb96ab91411ac4cd99b13c5_JaffaCakes118.dll
Size

7KB
MD5

168de29dafb96ab91411ac4cd99b13c5
SHA1

7f8ac40d8741500054eeb10e23a847741bdef6b3
SHA256

b4a4a604058f6ffee59abf2f683c8330d8bb748632ae30dc26c57ce99c6625b3
SHA512

eb7d90838b7e121d294397761264337482a22846c36354d1451209c83c71bc99de4b0d2ae22b48d2b7d673159edb20b8d5c1a1332a134276d776e61e6752b782
SSDEEP

192:aDOH3p5vQx5g/Szyl90rN3QUnHfhj/R+:SOfx/h/6Qg5j/o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1448-0-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1448	rundll32.exe
Token: SeLoadDriverPrivilege	1448	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1448	968	rundll32.exe	81
PID 968 wrote to memory of 1448	968	rundll32.exe	81
PID 968 wrote to memory of 1448	968	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\168de29dafb96ab91411ac4cd99b13c5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\168de29dafb96ab91411ac4cd99b13c5_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1448-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download