49286301a9d38f27194d169a7da5d3a6bb351073f0df2f56f9545434a70842e2

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:21

Target

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
Size

3.2MB
MD5

65d5ae4acda27c4bb47a179425030a3f
SHA1

6f504fbfc5c4740f8cf8dd77253f02e6db20d13e
SHA256

49286301a9d38f27194d169a7da5d3a6bb351073f0df2f56f9545434a70842e2
SHA512

a1895bfae4159756cb2b89e3ee67cee59574c1563c3ae1b0c8713e857c8f711c0f2633bc58dc8de7133ed7238b947837d2ea42b61ac6798e86971493d0fe3827
SSDEEP

98304:G2cPK8r/gia3xXjaBhbA2kBpxg0H6Qla:pCKywXjsAJgu6Z

Score

1^/10

NTFS ADS 1 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\WinNT:\KXIPPCKF,computer	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

pid process

1300 65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 1300 65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 10 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

pid	process
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 10 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

pid	process
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1300	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileTransGui.jpg

Filesize
12KB

MD5
32430de585a98f480347e8f7b69b7bfa

SHA1
618cff46168d717dc3b8a1bb7564951186268840

SHA256
f651b3a8956e95a932c174c32fcb82ec19fa12b9a5a989aa0c40df5713a24acf

SHA512
8a81e0170d9bba995e37dec2b5589c02fef184d552175bf7312f98b3284e7b938e7efaa2257b3d4246a250f67a7bb7d605f9a60af77f21d859336b5ce391a8f4

Download Submit