c18ad10d7df97a154b9ead604fcd32b7d052ff5d8ea3d3f936a860b5fd32dd42

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 06:32 UTC

Target

1920fd7bf33f0e909359b2f6ed03f914_JaffaCakes118.exe
Size

87KB
MD5

1920fd7bf33f0e909359b2f6ed03f914
SHA1

b050f860e10621dcb22ca3246b34c916ad26e7ae
SHA256

c18ad10d7df97a154b9ead604fcd32b7d052ff5d8ea3d3f936a860b5fd32dd42
SHA512

3ce1d5f2a078fc358edd6eb2245b73f1f7b5678ca663d9b43c6ecee670f75faa208d16cb894d08f467faf77af4ef64c03cc6d4c1cd5006a981f02022236fc799
SSDEEP

1536:rac/aP0xf7lFcCQTuSslO0qAVGREKwamOnO+zRSew:raFP0mTuhOQRCO+zML

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2440	1920fd7bf33f0e909359b2f6ed03f914_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1920fd7bf33f0e909359b2f6ed03f914_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1920fd7bf33f0e909359b2f6ed03f914_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2440

memory/2440-0-0x00000000748A1000-0x00000000748A2000-memory.dmp

Filesize
4KB

Download
memory/2440-1-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download
memory/2440-2-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download
memory/2440-3-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download