Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23/07/2024, 01:09
Behavioral task
behavioral1
Sample
658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe
Resource
win7-20240708-en
4 signatures
150 seconds
General
-
Target
658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe
-
Size
247KB
-
MD5
658ca5b507bdfa864633fd27454cea18
-
SHA1
b33a6f06736435ed5f7ab210d5ab2d21bb5bdd14
-
SHA256
0814fa455db3b9275edc128c4a2843fd2c80399df3afe72f769de8dd3ffbf3d0
-
SHA512
28f67e7d1b0c53dd146602083da11d9faf1d5abedc8120ee4b6684f2cb94d72110810fd2aa2057026e7c9cce9047a3f7fd5db2e078a4942e3038b89c381bffa5
-
SSDEEP
6144:dFRaI2EqBP/WsZL1PgLl4w0AidVym0EnarUBYVsv:nR72EqluswR45JTnaEY2
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/2416-0-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-2-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-3-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-4-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-6-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-7-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-8-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-9-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-10-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-11-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-12-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-13-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-14-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-15-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-16-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral1/memory/2416-17-0x0000000000400000-0x00000000004B5000-memory.dmp upx -
Suspicious use of AdjustPrivilegeToken 23 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeSecurityPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeTakeOwnershipPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeLoadDriverPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeSystemProfilePrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeSystemtimePrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeProfSingleProcessPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeCreatePagefilePrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeBackupPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeRestorePrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeShutdownPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeDebugPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeSystemEnvironmentPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeChangeNotifyPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeRemoteShutdownPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeUndockPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeManageVolumePrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeImpersonatePrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: SeCreateGlobalPrivilege 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: 33 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: 34 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe Token: 35 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2416 658ca5b507bdfa864633fd27454cea18_JaffaCakes118.exe