02299f84df371b28155939c930d55e72a54cda7d70cfb9bc18250b9f86205d77

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 12:13

Target

1b41c8649bc0890d0e4c09784667c66a_JaffaCakes118.dll
Size

282KB
MD5

1b41c8649bc0890d0e4c09784667c66a
SHA1

88950acd23c1a01a5fd78af40a3e79397d3fb016
SHA256

02299f84df371b28155939c930d55e72a54cda7d70cfb9bc18250b9f86205d77
SHA512

87a7644db92a1101c98dab961a53accfe16d6b7115fa0b5761ab9876b0c0dd21b2c66127f6d7fdac7afa115904a8f158ff6d317a979cdee292fe7d2a48b7a71b
SSDEEP

6144:gf89znVHd6urMCkHiFOFUw+HBu5QnQzRkiwOF7tiNzZ7zEG1n0a9Q:gf2d6oMCkHiFOFUwKOQnQFpVF7tK99Rq

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\fdght.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\fdght.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4568	rundll32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 4568	4432	rundll32.exe	81
PID 4432 wrote to memory of 4568	4432	rundll32.exe	81
PID 4432 wrote to memory of 4568	4432	rundll32.exe	81
PID 4568 wrote to memory of 3508	4568	rundll32.exe	56