f30abd5d0148d9e37b1651f9008af929e68b12c0ac7db956a2f61606179a7a98

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 10:38

Target

5ea2377bbb228ca99f21e33f278f66d8_JaffaCakes118.exe
Size

1.9MB
MD5

5ea2377bbb228ca99f21e33f278f66d8
SHA1

92443c127ee3b2a05e294adb39063e04f3cf0e5d
SHA256

f30abd5d0148d9e37b1651f9008af929e68b12c0ac7db956a2f61606179a7a98
SHA512

f928022199de2dd1d899883e54b94408936b2c39e556de14dab38e0eb5aa1fe990a71d688bbd98f1cf74170ab5be0d0464ac6750581ce202436ccc2b79a1ad0c
SSDEEP

24576:pvLvfClBigKnGgyjbw3MCFbOAfdxv/UWKH80:pvTvlGdbqHzv/Y

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	2956	5ea2377bbb228ca99f21e33f278f66d8_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	2956	5ea2377bbb228ca99f21e33f278f66d8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ea2377bbb228ca99f21e33f278f66d8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5ea2377bbb228ca99f21e33f278f66d8_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2956

memory/2956-0-0x0000000000300000-0x00000000003FF000-memory.dmp

Filesize
1020KB

Download
memory/2956-2-0x0000000000300000-0x00000000003FF000-memory.dmp

Filesize
1020KB

Download
memory/2956-3-0x0000000000402000-0x0000000000403000-memory.dmp

Filesize
4KB

Download
memory/2956-4-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download
memory/2956-5-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download
memory/2956-7-0x0000000000300000-0x00000000003FF000-memory.dmp

Filesize
1020KB

Download
memory/2956-6-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download