970629431b809b782b32b9f6f1a5525aca2bce70a3affc428f58c3cebede4d96

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 17:00

Target

28ecd6a35d90b7fb3c8fa05c2a7874ef_JaffaCakes118.dll
Size

104KB
MD5

28ecd6a35d90b7fb3c8fa05c2a7874ef
SHA1

8ebd6347a3429c09f95bc3016ed274aa6836f000
SHA256

970629431b809b782b32b9f6f1a5525aca2bce70a3affc428f58c3cebede4d96
SHA512

ca64f7d07ec7027d9d394caafa7efb1f6ab9be582df18d120ad286e65a0e274d261bb406c0fcddd5ef58cd1703403c1452dd93c4511d19ad91e9c05193d7af3a
SSDEEP

3072:4aXT3jUNwQz1nsKjrEKtShDg8zSVEllIlcuVcgB3:93vQz1sKjQ0ShDg8s1

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2756	rundll32.exe
2756	rundll32.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2756	2840	rundll32.exe	30
PID 2840 wrote to memory of 2756	2840	rundll32.exe	30
PID 2840 wrote to memory of 2756	2840	rundll32.exe	30
PID 2840 wrote to memory of 2756	2840	rundll32.exe	30
PID 2840 wrote to memory of 2756	2840	rundll32.exe	30
PID 2840 wrote to memory of 2756	2840	rundll32.exe	30
PID 2840 wrote to memory of 2756	2840	rundll32.exe	30
PID 2756 wrote to memory of 432	2756	rundll32.exe	5

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28ecd6a35d90b7fb3c8fa05c2a7874ef_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28ecd6a35d90b7fb3c8fa05c2a7874ef_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2756

memory/432-0-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download