b4c7509a5fddb90961839b91865d2903ae6ac5371d3e75d19144a56d77601514

Analysis

max time kernel
123s
max time network
129s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 11:13

Target

5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe
Size

1.5MB
MD5

5ec55a7fe861783e8e7ae521e1caece5
SHA1

4e647e664e50dfbc6c5819f0603d52c4b73e2c10
SHA256

b4c7509a5fddb90961839b91865d2903ae6ac5371d3e75d19144a56d77601514
SHA512

d16457b99db5a4870c09ac09734dc105044372b78fd75bee3508c14af046b26c4f02e551abe4758796d58a1ee95f16f693cbae65c5a4acc7cbbb2088a62de0f2
SSDEEP

49152:jHAHGHk3gIhE3gIh9o9bZ+o9bZS3gIhE3gIh9o9bZ23gIhE3gIh9o9bZJGHk3gIu:7A/4vnR

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2936	5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2936

memory/2936-0-0x000000007415E000-0x000000007415F000-memory.dmp

Filesize
4KB

Download
memory/2936-1-0x0000000000940000-0x0000000000AD0000-memory.dmp

Filesize
1.6MB

Download
memory/2936-2-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download
memory/2936-3-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download
memory/2936-4-0x000000007415E000-0x000000007415F000-memory.dmp

Filesize
4KB

Download
memory/2936-5-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download