80d78a39e311a25fb92a1d17159964a3c5684c67e40b117f78907469017ff675

Analysis

max time kernel
95s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 21:26

Target

25af915fa7df37c7f1cff3fef1c95c3a_JaffaCakes118.exe
Size

9KB
MD5

25af915fa7df37c7f1cff3fef1c95c3a
SHA1

29495a76ce51fb107e6a219949fb4a3b32b557c5
SHA256

80d78a39e311a25fb92a1d17159964a3c5684c67e40b117f78907469017ff675
SHA512

280770ba77cbd6237e9c72a2e22a59f1a9bcd78c9d67046e2928dcadc43be18fdcbfd7e541127506da9ba131d7af1323b6bcae2d43beafd6441fbd047c6f7a9c
SSDEEP

192:WBksuLPY82gQv5F4pt5eMZZ3m93VnjdwCza3nBQ:G82l4pt5eM6FnhwCm3B

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4984	25af915fa7df37c7f1cff3fef1c95c3a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\25af915fa7df37c7f1cff3fef1c95c3a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25af915fa7df37c7f1cff3fef1c95c3a_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4984

memory/4984-0-0x00007FFD82373000-0x00007FFD82375000-memory.dmp

Filesize
8KB

Download
memory/4984-1-0x00000000009D0000-0x00000000009D8000-memory.dmp

Filesize
32KB

Download
memory/4984-2-0x0000000002A60000-0x0000000002A72000-memory.dmp

Filesize
72KB

Download
memory/4984-3-0x0000000002AC0000-0x0000000002AFC000-memory.dmp

Filesize
240KB

Download
memory/4984-4-0x00007FFD82370000-0x00007FFD82E31000-memory.dmp

Filesize
10.8MB

Download
memory/4984-5-0x00007FFD82373000-0x00007FFD82375000-memory.dmp

Filesize
8KB

Download
memory/4984-6-0x00007FFD82370000-0x00007FFD82E31000-memory.dmp

Filesize
10.8MB

Download
memory/4984-7-0x00007FFD82370000-0x00007FFD82E31000-memory.dmp

Filesize
10.8MB

Download