229b40013f713aca92d1829629c5acd56ab071ad847b8053455bb3a15eee77f9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 01:20

Target

eff7a1da2237562f8ed932efec61a6c8_JaffaCakes118.exe
Size

15KB
MD5

eff7a1da2237562f8ed932efec61a6c8
SHA1

4014ed78d82c912beaaa13cde6f495d35001af72
SHA256

229b40013f713aca92d1829629c5acd56ab071ad847b8053455bb3a15eee77f9
SHA512

be62c13a757a75c66b42cdf30aba5de2ccf47a0d79c6bd5145db0668bd6192f3a195a7a86ccb66b79c59dfeced25c8c08622f3f76ed61f9e4012a9497ed6a5b7
SSDEEP

384:Ub9Hbo43OGd80B0DQ60Kp4KHXAFRjH5IMPzpsLR1E:s7N3htGDr0KWRH5IGzpst1E

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ldC12.tmp	eff7a1da2237562f8ed932efec61a6c8_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1044	eff7a1da2237562f8ed932efec61a6c8_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1044	eff7a1da2237562f8ed932efec61a6c8_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 436	1044	eff7a1da2237562f8ed932efec61a6c8_JaffaCakes118.exe	5

memory/436-1-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/1044-3-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download