d018a7658d8dcb21b5a371e6df3207b14d97a1d9c564565f923d5941894624d0

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 01:22

Target

f4becb408d750ad2afbf21c109bf3b47_JaffaCakes118.exe
Size

823KB
MD5

f4becb408d750ad2afbf21c109bf3b47
SHA1

8ac72cb52d1a7b5e898bb4af2116002da9ee917b
SHA256

d018a7658d8dcb21b5a371e6df3207b14d97a1d9c564565f923d5941894624d0
SHA512

8ecfbbf42329b0373540d7cfc7e53c54f9aae6a50a0958952195e31f046503bfee544d13cbd7d252a47a6026706eacd1135bddbe4d1175984b0a028268499a71
SSDEEP

12288:nS2y7gqyVknlb8uYhkOH7eNcHqIucsgHs1KPzx50+xT/qR:nAnyVklb853hnugMqd50+o

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2700	f4becb408d750ad2afbf21c109bf3b47_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f4becb408d750ad2afbf21c109bf3b47_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4becb408d750ad2afbf21c109bf3b47_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2700

memory/2700-1-0x0000000074390000-0x0000000074A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2700-0-0x0000000000A40000-0x0000000000B14000-memory.dmp

Filesize
848KB

Download
memory/2700-2-0x0000000004980000-0x00000000049C0000-memory.dmp

Filesize
256KB

Download
memory/2700-3-0x0000000074390000-0x0000000074A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2700-4-0x0000000004980000-0x00000000049C0000-memory.dmp

Filesize
256KB

Download