db5c183da502d44a56f4632c7d5c91e05d9bcbf366a4ec57d5d8b959f8575ba4 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 22:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e0cf4fc2da6dbbeb5beb0ea51217c63_JaffaCakes118.exe
Size

18KB
MD5

2e0cf4fc2da6dbbeb5beb0ea51217c63
SHA1

cf74c35c187cee8fea0e02ac9a0e94e172a6e173
SHA256

db5c183da502d44a56f4632c7d5c91e05d9bcbf366a4ec57d5d8b959f8575ba4
SHA512

918eff5d1462d4291c637d8d43676a2513e662c249099e15bf31e39159aa1e4253b3232b210461dc1fb1d5ecbb1352d32b6e8ca63f03deefe584ff68e2e4c76d
SSDEEP

384:JUA29GyS43OdZr/h0NXBiFtuDiH5Npzs:Jm9NJerLh0hBqtBds

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4712	2e0cf4fc2da6dbbeb5beb0ea51217c63_JaffaCakes118.exe
4712	2e0cf4fc2da6dbbeb5beb0ea51217c63_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4712	2e0cf4fc2da6dbbeb5beb0ea51217c63_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2e0cf4fc2da6dbbeb5beb0ea51217c63_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2e0cf4fc2da6dbbeb5beb0ea51217c63_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4712-0-0x0000000000430000-0x0000000000432000-memory.dmp

Filesize
8KB

Download
memory/4712-1-0x0000000000430000-0x0000000000432000-memory.dmp

Filesize
8KB

Download