c68a575ff56c8d95ec9695e7a2c1d587068ca0d70bcfe5d608d47349dd398f38

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 05:57

Target

214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll
Size

89KB
MD5

214df244be678dd085bc8176e12b32ce
SHA1

b099842299e92322a075795de1ff92064763b274
SHA256

c68a575ff56c8d95ec9695e7a2c1d587068ca0d70bcfe5d608d47349dd398f38
SHA512

7d43c3493ca643788875b1419a7127aaf233b33b04f53c9ddf9ee4eb4ab59043ce10a780b97f3432e9e9aa21a349d0a551c0b116107a945d3f5dc293308b5cd5
SSDEEP

1536:FZNdGyq9tKr3sXHdlwhwdraXkzoQQ/aPn6QEmCPKAaiYemo8o9T4y:VcyqjKr3stl1Fa8Sn/KAuo8G4y

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2244	rundll32.exe
Token: SeSecurityPrivilege	2244	rundll32.exe
Token: SeTakeOwnershipPrivilege	2244	rundll32.exe
Token: SeLoadDriverPrivilege	2244	rundll32.exe
Token: SeSystemProfilePrivilege	2244	rundll32.exe
Token: SeSystemtimePrivilege	2244	rundll32.exe
Token: SeProfSingleProcessPrivilege	2244	rundll32.exe
Token: SeIncBasePriorityPrivilege	2244	rundll32.exe
Token: SeCreatePagefilePrivilege	2244	rundll32.exe
Token: SeShutdownPrivilege	2244	rundll32.exe
Token: SeDebugPrivilege	2244	rundll32.exe
Token: SeSystemEnvironmentPrivilege	2244	rundll32.exe
Token: SeRemoteShutdownPrivilege	2244	rundll32.exe
Token: SeUndockPrivilege	2244	rundll32.exe
Token: SeManageVolumePrivilege	2244	rundll32.exe
Token: 33	2244	rundll32.exe
Token: 34	2244	rundll32.exe
Token: 35	2244	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2244

memory/2244-0-0x000000005F050000-0x000000005F051000-memory.dmp

Filesize
4KB

Download
memory/2244-1-0x000000005F080000-0x000000005F081000-memory.dmp

Filesize
4KB

Download
memory/2244-2-0x000000005F090000-0x000000005F091000-memory.dmp

Filesize
4KB

Download