95ab47d6087d563ac334da84a1d6368668c3d7fd655417d30e98f3f90dfb5803

Analysis

max time kernel
129s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 02:24

Target

245076135f870f2a9a3d244d9a657026_JaffaCakes118.exe
Size

22KB
MD5

245076135f870f2a9a3d244d9a657026
SHA1

f840d0a67f4e9433b06af45077202967eef8766c
SHA256

95ab47d6087d563ac334da84a1d6368668c3d7fd655417d30e98f3f90dfb5803
SHA512

46b3d068f99d1c54f6736b4643a8de312bf37b379164839a5acd45f7f4e7e15b80bcf55ca2a3e58958ca0c7fb285ff1f612aa186d2cdd12462cf9d6a4f501359
SSDEEP

384:a058NT7HBrSPYnMhIsmujkvlyIDs4Wip+fJQDJIUHQoKJx3CKomuTLizQW:abNT7AYnhsmujy3CFhE2AQoogO0

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4992-1-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4992	245076135f870f2a9a3d244d9a657026_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\245076135f870f2a9a3d244d9a657026_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\245076135f870f2a9a3d244d9a657026_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4256,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=2808 /prefetch:8
1⤵
PID:3928

memory/4992-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download