eb64d185b2ffa5e8b6f3e610cc3564ff86818d3a88b1521b54e5c98234ad7026

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 16:24

Target

4a77912a864cf988ae93741562acc393_JaffaCakes118.dll
Size

21KB
MD5

4a77912a864cf988ae93741562acc393
SHA1

af0faab1d143f4ec2378a789bde24bf777294a6d
SHA256

eb64d185b2ffa5e8b6f3e610cc3564ff86818d3a88b1521b54e5c98234ad7026
SHA512

c75eac99e0317f2c453d06f12c8144b20861cf2833b37b24e3b95c55ab245deaaa93e289fb41f08a65af2c58d9e98a4b416d288420770cad4d7d53dc90ad3ccc
SSDEEP

384:qcAV2eBCgqlgR8MW3UVTB2DMXkNcXTvARGxiki1pW7XLFVsL7fr5olzTb4:qccHAlgI3UVTKYACTDiki1IAdolb4

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/208-0-0x0000000000400000-0x0000000000413000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	208	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 208	3316	rundll32.exe	83
PID 3316 wrote to memory of 208	3316	rundll32.exe	83
PID 3316 wrote to memory of 208	3316	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a77912a864cf988ae93741562acc393_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a77912a864cf988ae93741562acc393_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:208

memory/208-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download