bd94b586c6a98c1f634c1689bc6e7b99d363c4a4c9267795bb7c09ae8c1c74e5

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 10:50

Target

346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll
Size

11KB
MD5

346a6d8ab2e9edd9cb7d70f531184d81
SHA1

c6aa992a78077e6b4d7d3e365a694e94d4976152
SHA256

bd94b586c6a98c1f634c1689bc6e7b99d363c4a4c9267795bb7c09ae8c1c74e5
SHA512

7407663ff517897335a2b5e4b301398a89d785cfea9d4f38e8a847d84b488621ea408b325dc9e2cd30cc909b6c29b0fc8ba825e96b485a2cb70545155324cc6d
SSDEEP

192:mj0xI9g4GOuBS65AnKectx7VGF3gorjjCKEj2xWbtVMjc3C3qNE6HCU2VdFK/NRw:mj04GOuBAn7ctpm3gsjjCZtA4CaNHHUt

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4952	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 4952	2268	rundll32.exe	83
PID 2268 wrote to memory of 4952	2268	rundll32.exe	83
PID 2268 wrote to memory of 4952	2268	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4952

memory/4952-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/4952-1-0x0000000001500000-0x0000000001501000-memory.dmp

Filesize
4KB

Download