c679696575be2a7cf5377c5edc64d2a57c207dfae2b67fb2a9f3bb4ba441b955 | Triage

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 22:57

Sharing

Report Analysis Logs

General

Target

0fd72ebd41ebcf18e866c5883a82c1f2_JaffaCakes118.exe
Size

2.3MB
MD5

0fd72ebd41ebcf18e866c5883a82c1f2
SHA1

9a957295eb3ddf0bde2ae89a6a96b5a9c6625dc9
SHA256

c679696575be2a7cf5377c5edc64d2a57c207dfae2b67fb2a9f3bb4ba441b955
SHA512

a6dc1b85d5525d9d9da79bac8a3c6845910642f796a5a3c03726d1eaa6b9070c650291738b8aeeafd555c50ca55d9b9be44e956f07edcd64577ee7e09acd551c
SSDEEP

49152:/fuCShFcEArK7Z9tYeUu9uIy9STM2/NR2:nbEAra9tYEaAN

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3196	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3196	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\0fd72ebd41ebcf18e866c5883a82c1f2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fd72ebd41ebcf18e866c5883a82c1f2_JaffaCakes118.exe"
1⤵
PID:1340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-0-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/1340-1-0x0000000000400000-0x0000000000654000-memory.dmp

Filesize
2.3MB

Download
memory/1340-3-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download