720343f44ba5fe1f5e0182dd20dbb9607fe3b62fa2492a1a6469ad1d6d84cc17

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:11

Target

3665a697a5af6026e8f016858a8695bb_JaffaCakes118.exe
Size

54KB
MD5

3665a697a5af6026e8f016858a8695bb
SHA1

2e8d756dc10dec07bac412c330de8315478c0511
SHA256

720343f44ba5fe1f5e0182dd20dbb9607fe3b62fa2492a1a6469ad1d6d84cc17
SHA512

b4a649a0dfe5b8ef72465c306dfcf43bd8e5b5dcc223efd3baa1c1e80ac6ca4450a8864eee29c13c550f5fc1fe2b8df6e340fb5bae46fb97b3c81e26064ebfa8
SSDEEP

768:m127KLLeAVZosTcdrb1/ZYxGuvC6UQTKc87TcELS+:m19LLpVLibHYQdQITcEe+

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

fltmc.exe

pid process

4532 fltmc.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

fltmc.exe

description pid process

Token: SeLoadDriverPrivilege 4532 fltmc.exe

pid	process
4532	fltmc.exe

description	pid	process
Token: SeLoadDriverPrivilege	4532	fltmc.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

3665a697a5af6026e8f016858a8695bb_JaffaCakes118.exe

description	pid	process	target process
PID 2960 wrote to memory of 4532	2960	3665a697a5af6026e8f016858a8695bb_JaffaCakes118.exe	fltmc.exe
PID 2960 wrote to memory of 4532	2960	3665a697a5af6026e8f016858a8695bb_JaffaCakes118.exe	fltmc.exe
PID 2960 wrote to memory of 4532	2960	3665a697a5af6026e8f016858a8695bb_JaffaCakes118.exe	fltmc.exe

C:\Users\Admin\AppData\Local\Temp\3665a697a5af6026e8f016858a8695bb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3665a697a5af6026e8f016858a8695bb_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960