a8430771ca865a3aef81e0b6547f56f7970dac4169aaa0fbc34c4ae7c74f1931

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 11:33

Target

059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe
Size

208KB
MD5

059c1363bac26e65520c47da47d21b16
SHA1

34ceaad5ee9178fa58c10f2031638b4ab70d2650
SHA256

a8430771ca865a3aef81e0b6547f56f7970dac4169aaa0fbc34c4ae7c74f1931
SHA512

66e34219203417db428a44d43a547172ac28a0649cb736b5fb95a837fe6299a799dcea2bb12701631dab24b81cbd891f57cd6d204d76df19ce7149f17fac2eb0
SSDEEP

6144:w85qIz6+naOZcx6w+TDsRAV0PHK547HRSV:VqIz6XOklNRAV0Pqa9S

Score

7^/10

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	94.242.250.64

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
832	059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe
832	059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	832	059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe
Token: SeDebugPrivilege	832	059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe

memory/832-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/832-0-0x0000000000426000-0x000000000042A000-memory.dmp

Filesize
16KB

Download
memory/832-2-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/832-3-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/832-4-0x0000000000426000-0x000000000042A000-memory.dmp

Filesize
16KB

Download