4589d645709ef29048146d23aa6bc9429f9f5e0fc7b74a635e6d98d9dc457039

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 23:52

Target

1509df728aca75cdfa665897d4359f1a_JaffaCakes118.exe
Size

1.0MB
MD5

1509df728aca75cdfa665897d4359f1a
SHA1

e877c6f548a8bea17d67388764ff1e365372cd0a
SHA256

4589d645709ef29048146d23aa6bc9429f9f5e0fc7b74a635e6d98d9dc457039
SHA512

6c375ab0b113830367b3e5198d4830e31d2e76bf821fc1aa19f32c60aaf219a056a11cd8d27143f45a637be1bde43606f7bc9c27800deb6a90f277b7531897d6
SSDEEP

12288:7n0on38Lb5PEblFLFuFLEVpjGNFld2p+ojIZZGJTTGob+Ab+7uEgpznnGZh7lfYO:4onKb5cbgUkF7d7GJT6oiAiSEO6hPV

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2860	1509df728aca75cdfa665897d4359f1a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1509df728aca75cdfa665897d4359f1a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1509df728aca75cdfa665897d4359f1a_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2860

memory/2860-0-0x0000000074481000-0x0000000074482000-memory.dmp

Filesize
4KB

Download
memory/2860-8-0x0000000074480000-0x0000000074A2B000-memory.dmp

Filesize
5.7MB

Download
memory/2860-19-0x0000000074480000-0x0000000074A2B000-memory.dmp

Filesize
5.7MB

Download
memory/2860-20-0x0000000074480000-0x0000000074A2B000-memory.dmp

Filesize
5.7MB

Download
memory/2860-21-0x0000000074480000-0x0000000074A2B000-memory.dmp

Filesize
5.7MB

Download