1d97db74342a8baf78d8cff1b76a862c856e1c2ddf0ff1be0fffddfc71906c6c

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 01:55

Target

69d2fefce56f7e3d88e6d385f38a8b7f_JaffaCakes118.exe
Size

9KB
MD5

69d2fefce56f7e3d88e6d385f38a8b7f
SHA1

689ee74ca418ce2785ba9de969defdde1aed9d69
SHA256

1d97db74342a8baf78d8cff1b76a862c856e1c2ddf0ff1be0fffddfc71906c6c
SHA512

07d640f7d6c96287a93ea717eafa0f853bbecb1fd502dc99796a9737e5925e351fc9c3ff3077fe50f06c3acd27425bd595815b44abb9786f9d64b4d177ffa648
SSDEEP

192:rBksub9MuIadeMZZ3x93Vnjdwqzr30XtCypJ:clfdeMbFnhwq3ED

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2800	69d2fefce56f7e3d88e6d385f38a8b7f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2240	2800	69d2fefce56f7e3d88e6d385f38a8b7f_JaffaCakes118.exe	31
PID 2800 wrote to memory of 2240	2800	69d2fefce56f7e3d88e6d385f38a8b7f_JaffaCakes118.exe	31
PID 2800 wrote to memory of 2240	2800	69d2fefce56f7e3d88e6d385f38a8b7f_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\69d2fefce56f7e3d88e6d385f38a8b7f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\69d2fefce56f7e3d88e6d385f38a8b7f_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2800 -s 892
  2⤵
  PID:2240

memory/2800-0-0x000007FEF5263000-0x000007FEF5264000-memory.dmp

Filesize
4KB

Download
memory/2800-1-0x0000000000F00000-0x0000000000F08000-memory.dmp

Filesize
32KB

Download
memory/2800-2-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

Filesize
9.9MB

Download
memory/2800-3-0x000007FEF5263000-0x000007FEF5264000-memory.dmp

Filesize
4KB

Download
memory/2800-4-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

Filesize
9.9MB

Download