d4b74951e4ec190969ca43ddab90cfcff715d49cd57af10e237c479da7d2d517

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 11:51

Target

73ef87390c29de1041ff02cd5fa0cd32_JaffaCakes118.exe
Size

60KB
MD5

73ef87390c29de1041ff02cd5fa0cd32
SHA1

4743137cffedbad3da31939d7be5dd4a9b78ff42
SHA256

d4b74951e4ec190969ca43ddab90cfcff715d49cd57af10e237c479da7d2d517
SHA512

2afff2a909fc846b317b228233616d3ebf9377585f0df7cfef2c7fbf003fa24511b19f489b0ceee319bada36fb2958e93f38f5f9e3fc808524429a2608a16ab5
SSDEEP

1536:RLtQ80ymGzLoe84t5nB61Y/rIXShg8FYo+Fb:U88GzLoelB64rG8kF

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Ir32_a.exe	73ef87390c29de1041ff02cd5fa0cd32_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2064	73ef87390c29de1041ff02cd5fa0cd32_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2064	73ef87390c29de1041ff02cd5fa0cd32_JaffaCakes118.exe
Token: SeSystemtimePrivilege	2064	73ef87390c29de1041ff02cd5fa0cd32_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1216	2064	73ef87390c29de1041ff02cd5fa0cd32_JaffaCakes118.exe	20

memory/1216-2-0x00000000021E0000-0x00000000021E8000-memory.dmp

Filesize
32KB

Download
memory/2064-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2064-3-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download