a02371171ed13a03f2c9346ad920860c82ba1a585675deab3e0e0ed5ca18de43

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 20:27

Target

4338856e24e777ed5f97f52c7daea926_JaffaCakes118.exe
Size

206KB
MD5

4338856e24e777ed5f97f52c7daea926
SHA1

2aa5c4357076a5a09e654bab1be2594b1348fd8d
SHA256

a02371171ed13a03f2c9346ad920860c82ba1a585675deab3e0e0ed5ca18de43
SHA512

a1215f319501e2b5e9f8e58e84768f6f851d739262774dcdb30520950c5de6cce13b8e881cc6d524bfa62dcb910247f783b48fe76386a5a17213fabad688d288
SSDEEP

3072:ZTGCNnKpsTYBFK30sG5kHVPehPbJqcAuAyc9MCCjupw5gDz0QI2Kj:ZTZxKOwY3iaHdrycSCaz5pQI2

Score

7^/10

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	94.242.250.64

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1460	4338856e24e777ed5f97f52c7daea926_JaffaCakes118.exe
1460	4338856e24e777ed5f97f52c7daea926_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1460	4338856e24e777ed5f97f52c7daea926_JaffaCakes118.exe
Token: SeDebugPrivilege	1460	4338856e24e777ed5f97f52c7daea926_JaffaCakes118.exe

memory/1460-1-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1460-0-0x0000000000412000-0x0000000000416000-memory.dmp

Filesize
16KB

Download
memory/1460-2-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1460-3-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1460-4-0x0000000000412000-0x0000000000416000-memory.dmp

Filesize
16KB

Download