cc94b2d179c5d7817b97287c64a045884f02ddf00844c9e862e93c4e9e2c6d2d

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 22:23

Target

7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe
Size

525KB
MD5

7abe6d48f4ec539abb56ea0c8532beac
SHA1

037af467ca2d66276880c01be5f43b7e60eb3a0d
SHA256

cc94b2d179c5d7817b97287c64a045884f02ddf00844c9e862e93c4e9e2c6d2d
SHA512

4113eb210c2379eb8a0b08cc57ecd6e0d905ed915c5410d8c14225c8130a8c7e005bbeb7cf699dde794fd35ff68e342b12522d56070689772cf21800db324e26
SSDEEP

12288:QwG0kVzqqPIvLAVPNEeaD8gbaRmMiJGEhmtb1:FlyzqqAXXD8gi2JLC

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2960	2964	7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe	28
PID 2964 wrote to memory of 2960	2964	7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe	28
PID 2964 wrote to memory of 2960	2964	7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe	28
PID 2964 wrote to memory of 2960	2964	7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7abe6d48f4ec539abb56ea0c8532beac_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 904
  2⤵
  PID:2960

memory/2960-3-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2960-5-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2964-0-0x0000000074AC1000-0x0000000074AC2000-memory.dmp

Filesize
4KB

Download
memory/2964-1-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/2964-2-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/2964-4-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download