3e29da0f715544ddbee8d58fe71cb60271c1a3b774c2bfea6fbd71481e4985b8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 13:12

Target

60a29065ff87c2b9f705ab9e4ac41da4_JaffaCakes118.dll
Size

12KB
MD5

60a29065ff87c2b9f705ab9e4ac41da4
SHA1

7466c610c168692152d2d058f1c3f4dd45241fea
SHA256

3e29da0f715544ddbee8d58fe71cb60271c1a3b774c2bfea6fbd71481e4985b8
SHA512

721b801c6cb56231c0536aa271321f0a597101ee3ea6331e65668bd30d7d3f91fa6d29ba34a019f3ccbc6960adafdb1552d1a866d555ddbfadd24538ce69b24b
SSDEEP

384:HLNVnIUSlvKRJIk1oiur9JBmq8HbYsRG43+fd2bj+cSC3:Hh9I1vKRJp4pJe8stu30

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3848	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3848	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 672 wrote to memory of 3848	672	rundll32.exe	85
PID 672 wrote to memory of 3848	672	rundll32.exe	85
PID 672 wrote to memory of 3848	672	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a29065ff87c2b9f705ab9e4ac41da4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a29065ff87c2b9f705ab9e4ac41da4_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3848

memory/3848-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download