cb08e8ea6c124f0bdf2caf7b207d7a630810fd768e0cf33208efbca2180a244d

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:31

Target

63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe
Size

33KB
MD5

63f926bc3c08838c4b3b919203ecc904
SHA1

16df3b69689a3084ac8d7c7ecb5c21844960acc3
SHA256

cb08e8ea6c124f0bdf2caf7b207d7a630810fd768e0cf33208efbca2180a244d
SHA512

01bec4a92ca0b6b576e2565836b8729bfd491e0c570cb72d4941ba197a30fc8f2609de9cc2c42eb658fa128e20e12c657378bd9fcb7b0d19561e5c388dcdc76f
SSDEEP

768:hucUulqPfVIQGJuNThgd/iVAGia6207TBLk7DW:hhlEPfietSdWniI07TV

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe

description	pid	process
Token: SeBackupPrivilege	1368	63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe
Token: SeRestorePrivilege	1368	63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe
Token: SeSecurityPrivilege	1368	63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1368	63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\63f926bc3c08838c4b3b919203ecc904_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368

memory/1368-0-0x0000000001000000-0x000000000107C000-memory.dmp

Filesize
496KB

Download
memory/1368-2-0x0000000001000000-0x000000000107C000-memory.dmp

Filesize
496KB

Download