9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 23:46

Target

13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
Size

1.9MB
MD5

13003cbfb6d2adfeea85952f8172c4f7
SHA1

e5ef2dd654b50ed7be455cbe7aaabaa7acaedc80
SHA256

9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9
SHA512

ccb7e4dfb0454711cb50a619497072082bae3111ac8ba76b22d1f95af9721762b3b493596191f879bdca3d5872315009bb8f021ac131d9a1067e1dff91696824
SSDEEP

49152:YMWXWDNahuR7JmTqru3cJXNxDyfCDVYNd/0wZUGGa639KNg:YMwiYSHVYNSwZUhV3R

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

conhost.exe

description pid process

Token: SeDebugPrivilege 2080 conhost.exe

description	pid	process
Token: SeDebugPrivilege	2080	conhost.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe

description	pid	process	target process
PID 1048 wrote to memory of 2080	1048	13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe	conhost.exe
PID 1048 wrote to memory of 2080	1048	13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe	conhost.exe
PID 1048 wrote to memory of 2080	1048	13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe	conhost.exe
PID 1048 wrote to memory of 2080	1048	13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe	conhost.exe

C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048

C:\Windows\System32\conhost.exe
"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2080

memory/2080-0-0x0000000000170000-0x0000000000359000-memory.dmp

Filesize
1.9MB

Download
memory/2080-1-0x000000001B2C0000-0x000000001B4A8000-memory.dmp

Filesize
1.9MB

Download
memory/2080-3-0x0000000002120000-0x00000000021A0000-memory.dmp

Filesize
512KB

Download
memory/2080-2-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/2080-4-0x0000000002120000-0x00000000021A0000-memory.dmp

Filesize
512KB

Download
memory/2080-6-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download