905c3968a3196073d89b3f296162069cc9c8b069839d4ececae7a2a943da272e

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 02:01

Target

37e92efc202209ad3bfc4366ee8eac13_JaffaCakes118.exe
Size

9KB
MD5

37e92efc202209ad3bfc4366ee8eac13
SHA1

2da4b89a399faa3544a08b75f3c389501784b494
SHA256

905c3968a3196073d89b3f296162069cc9c8b069839d4ececae7a2a943da272e
SHA512

e3a8c8a6e28d3429f0437c69a1686f74bc608986420b44537de483d3f626e7d3b60bf2c07619eaa93bb9833204c1b998d24d5d798c62b870fd9153acf7d6a071
SSDEEP

192:sBksurEXVwVt7eMZZ3I93VnjdwCzW3aqUzW7:YVw37eMsFnhwCK6W

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3660	37e92efc202209ad3bfc4366ee8eac13_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\37e92efc202209ad3bfc4366ee8eac13_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\37e92efc202209ad3bfc4366ee8eac13_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3660

memory/3660-1-0x0000000000810000-0x0000000000818000-memory.dmp

Filesize
32KB

Download
memory/3660-0-0x00007FFD4F463000-0x00007FFD4F465000-memory.dmp

Filesize
8KB

Download
memory/3660-2-0x0000000000FE0000-0x0000000000FF2000-memory.dmp

Filesize
72KB

Download
memory/3660-3-0x0000000001180000-0x00000000011BC000-memory.dmp

Filesize
240KB

Download
memory/3660-4-0x00007FFD4F460000-0x00007FFD4FF21000-memory.dmp

Filesize
10.8MB

Download
memory/3660-5-0x00007FFD4F460000-0x00007FFD4FF21000-memory.dmp

Filesize
10.8MB

Download
memory/3660-6-0x00007FFD4F460000-0x00007FFD4FF21000-memory.dmp

Filesize
10.8MB

Download