d8908755ffd54fa035cb953d8ee3f0f52ac3e848db70c6bd93e774d440e566ba

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 17:59

Target

3e52d4a84d54a850fc71a258d5c82d9d_JaffaCakes118.dll
Size

33KB
MD5

3e52d4a84d54a850fc71a258d5c82d9d
SHA1

c47cd5a4f9db5610bfae4cb1565c96c3d5b3e47d
SHA256

d8908755ffd54fa035cb953d8ee3f0f52ac3e848db70c6bd93e774d440e566ba
SHA512

9f43fe8b38a2e3b6ac14f36ca0ea01bf0d84003f2bef401fb1884ef4e4b0ebf345478cd3571224a92dd5673c30d64142e922aa33a47d4ce1bf3394aedb4c4d25
SSDEEP

768:ShvIm+tmYXrDgc8vV6JZ+ynXe/PGLos/+NZIf:ShvImoXXgc8vgJGGksQZa

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\segtrgh.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\segtrgh.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2668	rundll32.exe
Token: SeDebugPrivilege	2668	rundll32.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2668	2524	rundll32.exe	83
PID 2524 wrote to memory of 2668	2524	rundll32.exe	83
PID 2524 wrote to memory of 2668	2524	rundll32.exe	83
PID 2668 wrote to memory of 3512	2668	rundll32.exe	56
PID 2668 wrote to memory of 3512	2668	rundll32.exe	56