b11a4164fe2b4164265089bfb968ea3a1b92190f0db8b9b9d543e3522901b8d4

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 15:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Size

1.4MB
MD5

878981223bb394c105262ce1cb522d7b
SHA1

93ea1bf67b30873524671825458c3e8c9785b171
SHA256

b11a4164fe2b4164265089bfb968ea3a1b92190f0db8b9b9d543e3522901b8d4
SHA512

5cba5d7f098574c6de6ea611e8a959c4aff738cbbb0b35a28de6535ee15151ed255e04911493474d6dcf5903a50d33a3e12109f365a6132ca6d0c9ae139e48f4
SSDEEP

24576:+a3W/e+lpSuCVebLJ8Ep2wv5AI/qZT+2fl+PIetD41G5/h7srTr4f:+BlHVCw80vvSIyVtYPI84wh72+

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3212	4748	WerFault.exe	81

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeSecurityPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeSystemtimePrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeBackupPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeRestorePrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeShutdownPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeDebugPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeUndockPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeImpersonatePrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: 33	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: 34	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: 35	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
Token: 36	4748	878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\878981223bb394c105262ce1cb522d7b_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4748
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 756
  2⤵
  - Program crash
  PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4748 -ip 4748
1⤵
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4748-0-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/4748-1-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads