46d55334fa9bdbbb542e9f8782227aa826a80e1d6ae170b9c486d09e9baaa19c

Analysis

max time kernel
94s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 07:32

Target

29d3257a0dd06a4e260770d1bc5ed7cf_JaffaCakes118.dll
Size

680KB
MD5

29d3257a0dd06a4e260770d1bc5ed7cf
SHA1

aed01b218675ec3427017badc4b176b181da7abd
SHA256

46d55334fa9bdbbb542e9f8782227aa826a80e1d6ae170b9c486d09e9baaa19c
SHA512

9ff069b00fac34253f0e073d82152c4e5f296e841e56aed28a0b7dc55dee5ef6d275197418e5a7c310b7cb2f0fb061044b7004171b409420232b1d6e4e88dd2c
SSDEEP

6144:+kHK76mDhpYarc7/iDvvmc3fAB0aGYiScm9kIBl+AQXxlRGOi0zBysdz:+kHSh+ao7/iD3JovQeBQAQBlj

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3568	rundll32.exe
3568	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3568	rundll32.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3568	2672	rundll32.exe	82
PID 2672 wrote to memory of 3568	2672	rundll32.exe	82
PID 2672 wrote to memory of 3568	2672	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d3257a0dd06a4e260770d1bc5ed7cf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d3257a0dd06a4e260770d1bc5ed7cf_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3568