Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
29-05-2024 13:14
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe
-
Size
449KB
-
MD5
80dbb95b241157e43f898af46a203ee6
-
SHA1
9ca947e6ca47918a197ca36bc7e855a9f59c305a
-
SHA256
20481d1b88aa543d4011d497514cca88b6b4757a33bb950dde06c0436fb75cce
-
SHA512
84b9884653b2a9fe427dda3f9d6de4a957de49534eed37aa4845dade71e479d185b2c3d796030e6997544823471c0d1cdea704f835ee7904c54658f460afe515
-
SSDEEP
12288:xoL4EnU4T/vjL27xkuhG/4VAp1mcVYAmVLc08jIWYuTnuvUhGij7Wla7:xwnU4TDL27xLhG/eAicVYPlcDInuTuvy
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 13 IoCs
description pid Process procid_target PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28 PID 2872 wrote to memory of 2728 2872 80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe2⤵PID:2728
-