032986acb2febe1dea8fa6a9848127ed19bad4480cd2afc36720a8d25420b749

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 17:26

Target

2330ff9c41c99648582e88d4ca1572cf_JaffaCakes118.dll
Size

601KB
MD5

2330ff9c41c99648582e88d4ca1572cf
SHA1

ae55d5c0242b85c92535102fc6e14fcf2922bcf7
SHA256

032986acb2febe1dea8fa6a9848127ed19bad4480cd2afc36720a8d25420b749
SHA512

a8bb0e1bf94bdfc59044e9a80a4cff97423cf26f5ad77f150e0adf0fa9e5782790816c1c113b60ff6f6024ee2a3c7fd070b7abd7f6b6fd76ebb582cda310809b
SSDEEP

12288:QXikiW2mWfmxYl5u4PIYpJrgrezUJPNa0iJjNE5I4CqBNWbLzHW:6iO2mWeSl84PVpJrwmUmjGI4CqBNWbLj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2964	1844	WerFault.exe	82

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1844	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1844	2484	rundll32.exe	82
PID 2484 wrote to memory of 1844	2484	rundll32.exe	82
PID 2484 wrote to memory of 1844	2484	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2330ff9c41c99648582e88d4ca1572cf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2330ff9c41c99648582e88d4ca1572cf_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 700
    3⤵
    - Program crash
    PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1844 -ip 1844
1⤵
PID:712