5ab8699644c42fc1533b3cb992938003f8cec57a304f7fd9fb25b9498ae86a52

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 23:15

Target

298f0e5415582709041d6c80c42dee06_JaffaCakes118.dll
Size

578KB
MD5

298f0e5415582709041d6c80c42dee06
SHA1

98781b16b4550ac841f9d4c400b0250c872dd44e
SHA256

5ab8699644c42fc1533b3cb992938003f8cec57a304f7fd9fb25b9498ae86a52
SHA512

5c92750c5907022059e9b2534cc091c6a9f7cda302c3624cc70098d5daae0e80a7c76d145b8ec25957d46ddf91ea8509d9f3be933aa16c1b37f60682eaa9ea16
SSDEEP

12288:uHIZM1rVuB9smgOLU0+3wsK5zmNsRaq/+rFL5vyVqslfZDNTeNZ1hj:uSM1r+9sdOY0jsZNqa4+F5vyVqsvleNZ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3636	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 3636	3788	rundll32.exe	83
PID 3788 wrote to memory of 3636	3788	rundll32.exe	83
PID 3788 wrote to memory of 3636	3788	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\298f0e5415582709041d6c80c42dee06_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\298f0e5415582709041d6c80c42dee06_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3636

memory/3636-0-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download