Analysis

max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-06-2024 19:12

Behavioral task: behavioral1
Sample: 131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Resource: win7-20240508-en
3 signatures
150 seconds
General

Target: 131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Size: 745KB
MD5: 131bb4461a6f2d9ca512443202f79b7a
SHA1: 4f40877885f93d1fc7a67465daaa973a211c8a13
SHA256: 49e386f2c5b9930219e802111fa2e52cc29345ab5ca5cf05bbe5242be381625f
SHA512: 3f3c7613d16373faaf20956c08a39a0f55dff55c6da1043a75916e608b783256d0dc5d60be63889db282ed2541ff20f9d5c24a9754d7ceebc37013810b8507fc
SSDEEP: 12288:96A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTvf2wqMd0QZh9u:wAmBpVKHu0Mu9Xo20VGLVvOwD0QZh9u
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (24 IoCs)
Processes:
description                            pid   process
Token: SeIncreaseQuotaPrivilege        4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeSecurityPrivilege             4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege        4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeLoadDriverPrivilege           4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeSystemProfilePrivilege        4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeSystemtimePrivilege           4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege    4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege      4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege       4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeBackupPrivilege               4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeRestorePrivilege              4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeShutdownPrivilege             4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeDebugPrivilege                4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege    4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege         4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege       4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeUndockPrivilege               4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeManageVolumePrivilege         4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeImpersonatePrivilege          4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege         4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: 33                              4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: 34                              4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: 35                              4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe
Token: 36                              4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid   process
4400  131bb4461a6f2d9ca512443202f79b7a_JaffaCakes118.exe