Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 22-12-2024 11:31
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4b25983cafa6eedf5235cf0cf57f7d63ac1e1a62bdadcae3c3a0264da3dfa393.ps1
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
General
- Target: JaffaCakes118_4b25983cafa6eedf5235cf0cf57f7d63ac1e1a62bdadcae3c3a0264da3dfa393.ps1
- Size: 289KB
- MD5: beafc2705866d8ff18bde1f67c5f7ff4
- SHA1: 7064973634124c93e45f54bffb5fca1da6fff0d3
- SHA256: 4b25983cafa6eedf5235cf0cf57f7d63ac1e1a62bdadcae3c3a0264da3dfa393
- SHA512: f05eaa7e3de93f4a5a6e0f136e4f5601f4e7761cbb59609d0bade1f8fb142ad98a8c6fb557f2e1317a369d6722219772c6f901cb085f9b7fb3413b6a0673d465
- SSDEEP: 3072:IJKb53DCw8R4yMfMJJzD3Q3ApFTbQI8Iv1vZoZWdW:IEb5Rd1WJzD3Q3ApFTMIUZWdW
Score
3/10
Malware Config
Signatures
- Command and Scripting Interpreter: PowerShell
  pid: 2528, Process: powershell.exe
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid: 2528, Process: powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege, pid: 2528, Process: powershell.exe
Processes
- Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4b25983cafa6eedf5235cf0cf57f7d63ac1e1a62bdadcae3c3a0264da3dfa393.ps1
  PID: 2528
  Signatures:
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken