a62861c40c19bc3182c67314c02c2e8b082845ca611e9bad2553257b2743e777

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 20:37

Target

0f744a9b527782edb75cf171a19cf96e_JaffaCakes118.exe
Size

7.6MB
MD5

0f744a9b527782edb75cf171a19cf96e
SHA1

a4f8ebd208a5ba36c0d8196db794ceb268b95282
SHA256

a62861c40c19bc3182c67314c02c2e8b082845ca611e9bad2553257b2743e777
SHA512

934549bab0635a4610b51a262254e2ec5e9305d488c6be4d684408ee551f066734192fcd7135b7f37338847ecff611cd7e8c6b6661d4d6a30bde79290a88d6e8
SSDEEP

196608:eZuEy3k/C47lParzuJ6Dx0jyiNgifBtUnIhuTbyYDJfqFtev:2w3kK47p4KIuae361TbyYtqFt2

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
3092	servbrow.exe
3232	servbrow.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\servbrow.exe	0f744a9b527782edb75cf171a19cf96e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeTcbPrivilege	3092	servbrow.exe
Token: SeChangeNotifyPrivilege	3092	servbrow.exe
Token: SeIncreaseQuotaPrivilege	3092	servbrow.exe
Token: SeAssignPrimaryTokenPrivilege	3092	servbrow.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2348	0f744a9b527782edb75cf171a19cf96e_JaffaCakes118.exe
3092	servbrow.exe
3232	servbrow.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 3232	3092	servbrow.exe	98
PID 3092 wrote to memory of 3232	3092	servbrow.exe	98
PID 3092 wrote to memory of 3232	3092	servbrow.exe	98

C:\Windows\servbrow.exe

Filesize
7.6MB

MD5
4067068b3a3e51fd4dd8938a382b211d

SHA1
e629391be9f89ea22bc8cf73a1e9cd87dfaab85a

SHA256
9aec3e3ec06b73280161283c2575f5efe2ecf21ff7c9bc3ac3bc951ea2760efb

SHA512
92d389ec032198c6b882cf0b4a4ee3b08bbe6b74c3db05fe707d16ba4f4d76543ad5d464d1788c586fdb0f6b72d88962a2f7fa93251aa8b5498d6ccb8aeb2e7b

Download Submit