4c73d23d866eacbd8d16ed7cd045f24979734901d2ae4420a2f98a94bea88be3

Analysis

max time kernel
95s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 18:45

Target

2d6df574ed67dd1e6f04ea4977b01912_JaffaCakes118.exe
Size

128KB
MD5

2d6df574ed67dd1e6f04ea4977b01912
SHA1

371ecc2fcaa2bc19b7bb66700df55aa85963df53
SHA256

4c73d23d866eacbd8d16ed7cd045f24979734901d2ae4420a2f98a94bea88be3
SHA512

177c36aecb508f2345db91e0495f5b58a7b2cfb9e414d157e79edc4dbe4f489853c4b1625b9c519f166acfc56a3576650b9c08c7d55fd4b56b469b62d3a87600
SSDEEP

3072:G/6wJQi3diipak1sGb6cUmGvmul4VKwXzvdoG69o0:06tiNik/YnlEJBg

Score

1^/10

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3912	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3912	msiexec.exe
Token: SeSecurityPrivilege	3452	msiexec.exe
Token: SeCreateTokenPrivilege	3912	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3912	msiexec.exe
Token: SeLockMemoryPrivilege	3912	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3912	msiexec.exe
Token: SeMachineAccountPrivilege	3912	msiexec.exe
Token: SeTcbPrivilege	3912	msiexec.exe
Token: SeSecurityPrivilege	3912	msiexec.exe
Token: SeTakeOwnershipPrivilege	3912	msiexec.exe
Token: SeLoadDriverPrivilege	3912	msiexec.exe
Token: SeSystemProfilePrivilege	3912	msiexec.exe
Token: SeSystemtimePrivilege	3912	msiexec.exe
Token: SeProfSingleProcessPrivilege	3912	msiexec.exe
Token: SeIncBasePriorityPrivilege	3912	msiexec.exe
Token: SeCreatePagefilePrivilege	3912	msiexec.exe
Token: SeCreatePermanentPrivilege	3912	msiexec.exe
Token: SeBackupPrivilege	3912	msiexec.exe
Token: SeRestorePrivilege	3912	msiexec.exe
Token: SeShutdownPrivilege	3912	msiexec.exe
Token: SeDebugPrivilege	3912	msiexec.exe
Token: SeAuditPrivilege	3912	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3912	msiexec.exe
Token: SeChangeNotifyPrivilege	3912	msiexec.exe
Token: SeRemoteShutdownPrivilege	3912	msiexec.exe
Token: SeUndockPrivilege	3912	msiexec.exe
Token: SeSyncAgentPrivilege	3912	msiexec.exe
Token: SeEnableDelegationPrivilege	3912	msiexec.exe
Token: SeManageVolumePrivilege	3912	msiexec.exe
Token: SeImpersonatePrivilege	3912	msiexec.exe
Token: SeCreateGlobalPrivilege	3912	msiexec.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 1144	4264	2d6df574ed67dd1e6f04ea4977b01912_JaffaCakes118.exe	83
PID 4264 wrote to memory of 1144	4264	2d6df574ed67dd1e6f04ea4977b01912_JaffaCakes118.exe	83
PID 4264 wrote to memory of 1144	4264	2d6df574ed67dd1e6f04ea4977b01912_JaffaCakes118.exe	83
PID 1144 wrote to memory of 3912	1144	cmd.exe	85
PID 1144 wrote to memory of 3912	1144	cmd.exe	85
PID 1144 wrote to memory of 3912	1144	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\2d6df574ed67dd1e6f04ea4977b01912_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2d6df574ed67dd1e6f04ea4977b01912_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\Temp\a00995.bat" "C:\Users\Admin\AppData\Local\Temp\2d6df574ed67dd1e6f04ea4977b01912_JaffaCakes118.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1144
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe /i "AcronisTrueImageSetup.msi" PIDKEY=AUPNP-VJ7QU-VEA2N-T3Q46-Y3ZJ9 /qn /norestart
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3912

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3452

C:\Windows\Temp\a00995.bat

Filesize
106B

MD5
9fc60ebbb81eab4f4d0a4efc1b18c949

SHA1
fe71d13192e776d112d8643e25e3cc0cb92b05a3

SHA256
3c23bb8d49aab0a5bc76366b9934a2c33e69ebd34340d1c8a39bec39ddde884d

SHA512
d5d04e3b9f3009688fe032ac411ccbc3ae261c1eea11600d83cd31bc2dd37875a7be500ddc339a9b6083117e72a9062932a8f1a51e5d920678829a27aa8d0ce6

Download Submit
memory/4264-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download