604f9cd661b10839208d2984fa5312a5bd7fac5f897b6ece474130fa35e2a902

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 02:33

Target

3fd8f5d1b4503f7f221076a98673950a_JaffaCakes118.exe
Size

1.1MB
MD5

3fd8f5d1b4503f7f221076a98673950a
SHA1

250d0100d01de920e4dfc3a57e3da1d1d8141c81
SHA256

604f9cd661b10839208d2984fa5312a5bd7fac5f897b6ece474130fa35e2a902
SHA512

519c561823b4fbd610426ca0f7a9ba8772d2b75e7e42c63bcbc51cdffe726e7c5beb61f272b6dbb2bc2540f3123d6884a0b9a93d52b517336df1f4ceb33b4e67
SSDEEP

12288:X7bC6v2Dr3azVXawqab91m3A6mz2iNHc1MwJ7D7OYyZUVwaChJuPp9NgC49Iki9K:PCZ7azVXa/aXz1Vcn5OY7sLxC44

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1744	3fd8f5d1b4503f7f221076a98673950a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3fd8f5d1b4503f7f221076a98673950a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3fd8f5d1b4503f7f221076a98673950a_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1744

memory/1744-0-0x000000007504E000-0x000000007504F000-memory.dmp

Filesize
4KB

Download
memory/1744-1-0x0000000000500000-0x0000000000624000-memory.dmp

Filesize
1.1MB

Download
memory/1744-2-0x0000000005020000-0x00000000050BC000-memory.dmp

Filesize
624KB

Download
memory/1744-3-0x0000000005670000-0x0000000005C14000-memory.dmp

Filesize
5.6MB

Download
memory/1744-4-0x00000000050C0000-0x0000000005152000-memory.dmp

Filesize
584KB

Download
memory/1744-5-0x0000000005160000-0x00000000054B4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-6-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/1744-7-0x000000007504E000-0x000000007504F000-memory.dmp

Filesize
4KB

Download
memory/1744-8-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download