0a253f1382d7aaf803cf528f70c3060f2cffd71080798053912757caccca3605

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 11:04

Target

f35ae9642531120a7de673fbf3a19be8_JaffaCakes118.exe
Size

39KB
MD5

f35ae9642531120a7de673fbf3a19be8
SHA1

ce26a243b3c0e48bf87abdf699a6b2dbab8ef282
SHA256

0a253f1382d7aaf803cf528f70c3060f2cffd71080798053912757caccca3605
SHA512

9ca06f560a41d89ad1b61fbb06a0c7ec12253919c46c6fbdc71fef1ad6fb1d1d459c68b001dcbdb7e6d2e547347ea84fd10fa264799cab907a781ce5eb90aecb
SSDEEP

768:x4793PZ6iUzpzM/z3uEXoXPNG+bPbAQtX+3j7BjPJOLg:xm3PZ6iUNzgulPN7bs0Aj7hgg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3460	3504	WerFault.exe	81

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3504	f35ae9642531120a7de673fbf3a19be8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f35ae9642531120a7de673fbf3a19be8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f35ae9642531120a7de673fbf3a19be8_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 1512
  2⤵
  - Program crash
  PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3504 -ip 3504
1⤵
PID:1168

memory/3504-0-0x0000000000420000-0x0000000000430000-memory.dmp

Filesize
64KB

Download
memory/3504-1-0x00000000749A0000-0x0000000075150000-memory.dmp

Filesize
7.7MB

Download
memory/3504-2-0x00000000749A0000-0x0000000075150000-memory.dmp

Filesize
7.7MB

Download