a62861c40c19bc3182c67314c02c2e8b082845ca611e9bad2553257b2743e777

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 20:37

Target

0f744a9b527782edb75cf171a19cf96e_JaffaCakes118.exe
Size

7.6MB
MD5

0f744a9b527782edb75cf171a19cf96e
SHA1

a4f8ebd208a5ba36c0d8196db794ceb268b95282
SHA256

a62861c40c19bc3182c67314c02c2e8b082845ca611e9bad2553257b2743e777
SHA512

934549bab0635a4610b51a262254e2ec5e9305d488c6be4d684408ee551f066734192fcd7135b7f37338847ecff611cd7e8c6b6661d4d6a30bde79290a88d6e8
SSDEEP

196608:eZuEy3k/C47lParzuJ6Dx0jyiNgifBtUnIhuTbyYDJfqFtev:2w3kK47p4KIuae361TbyYtqFt2

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
2528	servbrow.exe
2504	servbrow.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\servbrow.exe	0f744a9b527782edb75cf171a19cf96e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeTcbPrivilege	2528	servbrow.exe
Token: SeChangeNotifyPrivilege	2528	servbrow.exe
Token: SeIncreaseQuotaPrivilege	2528	servbrow.exe
Token: SeAssignPrimaryTokenPrivilege	2528	servbrow.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2372	0f744a9b527782edb75cf171a19cf96e_JaffaCakes118.exe
2528	servbrow.exe
2504	servbrow.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2504	2528	servbrow.exe	31
PID 2528 wrote to memory of 2504	2528	servbrow.exe	31
PID 2528 wrote to memory of 2504	2528	servbrow.exe	31
PID 2528 wrote to memory of 2504	2528	servbrow.exe	31

C:\Windows\servbrow.exe

Filesize
7.6MB

MD5
afa3f2b3dfe43d9ea75b0f4f186df215

SHA1
5d5092ed20267e77ae9d92b99118d49bb653b2b2

SHA256
efe3d26cebe8baeeeb41c105ba3a06d33f27101fcaeebd8cb10000f207b09798

SHA512
7a99cc205e2c61e29cad06cab92119b939ea02f2ac0598a1c0317db83ddcbd7a0b662b5c470cfac1dae258249dd783233e58196ba267825a62b38983ac14e82f

Download Submit