b79248198924cac145580c98378324fe16ab319e5da4d1e7a1b379d375f0b410

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 00:51

Target

8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe
Size

426KB
MD5

8c5ff664440d0134f317ebbdebca6f7f
SHA1

f5454ed8399d7024a45d51c20aa5be3bfb775785
SHA256

b79248198924cac145580c98378324fe16ab319e5da4d1e7a1b379d375f0b410
SHA512

2ddbee7e12a9df9032aae61dc03cbf407bbba9fdcc66c9d5dea042e05165eba8388aa08e3d8e161be25b70152c8dec2c495ffd95a2c38efd694f4df48ab8ec3f
SSDEEP

12288:qZ6ETUFctxIDSXXKpZYnXcyu9UPEmSQ7pB/Qd41gG:qwEYLDSn1Xcysr6B/yG

Score

5^/10

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2172-2-0x0000000140000000-0x000000014010A000-memory.dmp	autoit_exe
behavioral1/memory/2464-3-0x0000000140000000-0x000000014010A000-memory.dmp	autoit_exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2172	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe
2172	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe
2172	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe
2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe
2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2172	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	2172	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	2172	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2808	2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe	30
PID 2464 wrote to memory of 2808	2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe	30
PID 2464 wrote to memory of 2808	2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe	30
PID 2808 wrote to memory of 2700	2808	cmd.exe	31
PID 2808 wrote to memory of 2700	2808	cmd.exe	31
PID 2808 wrote to memory of 2700	2808	cmd.exe	31
PID 2700 wrote to memory of 2484	2700	net.exe	32
PID 2700 wrote to memory of 2484	2700	net.exe	32
PID 2700 wrote to memory of 2484	2700	net.exe	32
PID 2464 wrote to memory of 2660	2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe	33
PID 2464 wrote to memory of 2660	2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe	33
PID 2464 wrote to memory of 2660	2464	8c5ff664440d0134f317ebbdebca6f7f_JaffaCakes118.exe	33

memory/2172-0-0x0000000140000000-0x000000014010A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-2-0x0000000140000000-0x000000014010A000-memory.dmp

Filesize
1.0MB

Download
memory/2464-1-0x0000000140000000-0x000000014010A000-memory.dmp

Filesize
1.0MB

Download
memory/2464-3-0x0000000140000000-0x000000014010A000-memory.dmp

Filesize
1.0MB

Download