99b02559b907fc80346f11977b67cf905f5c06fb2eba2654c029bb4f83c6f3a0

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 13:00

Target

2c70d69ff5884a0d650492131e55aed7_JaffaCakes118.dll
Size

106KB
MD5

2c70d69ff5884a0d650492131e55aed7
SHA1

dfc2084023208f186849c19cbe976d6dd293b5bf
SHA256

99b02559b907fc80346f11977b67cf905f5c06fb2eba2654c029bb4f83c6f3a0
SHA512

5ba52e126552bcf1f1502279a51c200b5740381e3a1b33394afa2ab796bfa38366a77a3d9de156406898887afb08464d2625de492b5800c0fa5b885788e3d413
SSDEEP

3072:zV01tJbUV20JtTjTg1C+MtUAs5YwZpvMNP8ca+E:B01L820Ji1C+t5Y8ca+E

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3964	rundll32.exe
3964	rundll32.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3964	rundll32.exe
Token: SeSecurityPrivilege	3964	rundll32.exe
Token: SeTakeOwnershipPrivilege	3964	rundll32.exe
Token: SeLoadDriverPrivilege	3964	rundll32.exe
Token: SeSystemProfilePrivilege	3964	rundll32.exe
Token: SeSystemtimePrivilege	3964	rundll32.exe
Token: SeProfSingleProcessPrivilege	3964	rundll32.exe
Token: SeIncBasePriorityPrivilege	3964	rundll32.exe
Token: SeCreatePagefilePrivilege	3964	rundll32.exe
Token: SeShutdownPrivilege	3964	rundll32.exe
Token: SeDebugPrivilege	3964	rundll32.exe
Token: SeSystemEnvironmentPrivilege	3964	rundll32.exe
Token: SeRemoteShutdownPrivilege	3964	rundll32.exe
Token: SeUndockPrivilege	3964	rundll32.exe
Token: SeManageVolumePrivilege	3964	rundll32.exe
Token: 33	3964	rundll32.exe
Token: 34	3964	rundll32.exe
Token: 35	3964	rundll32.exe
Token: 36	3964	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 3964	1400	rundll32.exe	82
PID 1400 wrote to memory of 3964	1400	rundll32.exe	82
PID 1400 wrote to memory of 3964	1400	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c70d69ff5884a0d650492131e55aed7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c70d69ff5884a0d650492131e55aed7_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3964

memory/3964-1-0x000000007624F000-0x0000000076250000-memory.dmp

Filesize
4KB

Download
memory/3964-0-0x0000000077E22000-0x0000000077E23000-memory.dmp

Filesize
4KB

Download
memory/3964-2-0x0000000076230000-0x0000000076320000-memory.dmp

Filesize
960KB

Download
memory/3964-3-0x0000000076230000-0x0000000076320000-memory.dmp

Filesize
960KB

Download