300eb42f34c58abc2d2307423cbc909f43b626a12de3bb9ad4314f47efd83b89

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 08:21

Target

33f4878a858a47c2aa7c045bf72c611f_JaffaCakes118.dll
Size

25KB
MD5

33f4878a858a47c2aa7c045bf72c611f
SHA1

4680967dd5ef9a60cbc0d74e91b582f2d2e3d926
SHA256

300eb42f34c58abc2d2307423cbc909f43b626a12de3bb9ad4314f47efd83b89
SHA512

ee7e5a2803c66d6be421c3d1fabc0a6cab733be1c1c778328b934b83b4cf57c0535ff8faa11ca1f342875398c4668f62daa22aa07859f96aafa7f545e7194de0
SSDEEP

192:6QuNZb2EKeGZwvjztw1W2MXOb0OsIZlWun/1dplPaggjNEZLj09eRJHhXoJ:2qU5XlXc0KWSbpIOOkRJH

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5008	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 5008	4740	rundll32.exe	80
PID 4740 wrote to memory of 5008	4740	rundll32.exe	80
PID 4740 wrote to memory of 5008	4740	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33f4878a858a47c2aa7c045bf72c611f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33f4878a858a47c2aa7c045bf72c611f_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5008

memory/5008-0-0x0000000020000000-0x00000000208FE000-memory.dmp

Filesize
9.0MB

Download