97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 22:01

Target

fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
Size

1.0MB
MD5

fb42a4d9e7a418782eacac2efeeb9acb
SHA1

cc5a54f5b8cc11ebc3f45f1d734d2f5fa821e77a
SHA256

97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e
SHA512

063b3d9f0f9cd0d56eff2dc2c2504c3ac51a57cfbd75ee2b901508b48e9a0f61b3ef4a20fffd13376a31006644fa76f9640306f57a76d2446ca56584bad95180
SSDEEP

24576:tfQYosxhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRt+Gn:To54clgLH+tkWJ0Nb

Score

6^/10

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
4	api.ipify.org
5	api.ipify.org

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe

description	pid	Process
Token: SeDebugPrivilege	1368	fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368

memory/1368-0-0x00000000002F0000-0x0000000000400000-memory.dmp

Filesize
1.1MB

Download
memory/1368-1-0x000007FEF5040000-0x000007FEF5A2C000-memory.dmp

Filesize
9.9MB

Download
memory/1368-2-0x000000001AE70000-0x000000001AEF0000-memory.dmp

Filesize
512KB

Download
memory/1368-3-0x0000000002120000-0x0000000002196000-memory.dmp

Filesize
472KB

Download
memory/1368-4-0x000007FEF5040000-0x000007FEF5A2C000-memory.dmp

Filesize
9.9MB

Download