6dfe8d9ce8d131a23e33447dbb3656232e54f4b276022e96fd28c24d28dd6eeb

Analysis

max time kernel
133s
max time network
135s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 16:57

Target

4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe
Size

410KB
MD5

4a92b54b6b53a694c865c4071933f8bf
SHA1

d5abfdd1b94dee910e8b56c6b1ad2a52b90266d1
SHA256

6dfe8d9ce8d131a23e33447dbb3656232e54f4b276022e96fd28c24d28dd6eeb
SHA512

956b36b3207c5b6124928a27f6f4f765f194a1c587effef96ab4e44b8f948f4002aa093b42dbf53e1f4e87cd2229014ba1d371c7b11dcc2888433c51705f79bc
SSDEEP

12288:QPHqJonCaD5dXmyllzke1vtd4d8gkDukSO4:QPKwD5dXmyH/1Fd4dDkDuX

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1228	qq.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\qq.exe	4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe
File opened for modification	C:\Windows\qq.exe	4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2556	4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe
Token: SeDebugPrivilege	1228	qq.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1228	qq.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1228	qq.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1228	2556	4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe	30
PID 2556 wrote to memory of 1228	2556	4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe	30
PID 2556 wrote to memory of 1228	2556	4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe	30
PID 2556 wrote to memory of 1228	2556	4a92b54b6b53a694c865c4071933f8bf_JaffaCakes118.exe	30

C:\Windows\qq.exe

Filesize
410KB

MD5
4a92b54b6b53a694c865c4071933f8bf

SHA1
d5abfdd1b94dee910e8b56c6b1ad2a52b90266d1

SHA256
6dfe8d9ce8d131a23e33447dbb3656232e54f4b276022e96fd28c24d28dd6eeb

SHA512
956b36b3207c5b6124928a27f6f4f765f194a1c587effef96ab4e44b8f948f4002aa093b42dbf53e1f4e87cd2229014ba1d371c7b11dcc2888433c51705f79bc

Download Submit
memory/1228-12-0x0000000000400000-0x000000000065D000-memory.dmp

Filesize
2.4MB

Download
memory/1228-14-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1228-15-0x0000000000400000-0x000000000065D000-memory.dmp

Filesize
2.4MB

Download
memory/2556-1-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2556-0-0x0000000000400000-0x000000000065D000-memory.dmp

Filesize
2.4MB

Download
memory/2556-5-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2556-11-0x0000000003300000-0x000000000355D000-memory.dmp

Filesize
2.4MB

Download
memory/2556-9-0x0000000003300000-0x000000000355D000-memory.dmp

Filesize
2.4MB

Download
memory/2556-13-0x0000000000400000-0x000000000065D000-memory.dmp

Filesize
2.4MB

Download