b6305a7b64262975cf5f9bcf85be6b5eace17644e99c811dc346dc78dfb1a1fc

Analysis

max time kernel
93s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 14:48

Target

fc86d6fe5bda9b37762e5ebede30543a_JaffaCakes118.exe
Size

9KB
MD5

fc86d6fe5bda9b37762e5ebede30543a
SHA1

f60a79a2c4004db83a12893f3f559f43c1fd1c05
SHA256

b6305a7b64262975cf5f9bcf85be6b5eace17644e99c811dc346dc78dfb1a1fc
SHA512

9c0770144df2f7d5033994744e3b2ef636513a138723191f98de043e3cce67867d58e93cb390286e00ee953486e0636d073fa2674cd541d9db328903618a1341
SSDEEP

192:wQBksuvPY82gQv5F46tdeMZZ3+93VnjdwCzmuh3ikvhn:wk82l46tdeMaFnhwCVykvh

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3444	fc86d6fe5bda9b37762e5ebede30543a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fc86d6fe5bda9b37762e5ebede30543a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fc86d6fe5bda9b37762e5ebede30543a_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3444

memory/3444-0-0x00007FFE9E373000-0x00007FFE9E375000-memory.dmp

Filesize
8KB

Download
memory/3444-1-0x0000000000800000-0x0000000000808000-memory.dmp

Filesize
32KB

Download
memory/3444-2-0x00000000028A0000-0x00000000028B2000-memory.dmp

Filesize
72KB

Download
memory/3444-3-0x000000001B2E0000-0x000000001B31C000-memory.dmp

Filesize
240KB

Download
memory/3444-4-0x00007FFE9E370000-0x00007FFE9EE31000-memory.dmp

Filesize
10.8MB

Download
memory/3444-5-0x00007FFE9E373000-0x00007FFE9E375000-memory.dmp

Filesize
8KB

Download
memory/3444-6-0x000000001B680000-0x000000001B782000-memory.dmp

Filesize
1.0MB

Download
memory/3444-7-0x00007FFE9E370000-0x00007FFE9EE31000-memory.dmp

Filesize
10.8MB

Download
memory/3444-10-0x00007FFE9E370000-0x00007FFE9EE31000-memory.dmp

Filesize
10.8MB

Download