Analysis
max time kernel: 21s
max time network: 122s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 26-06-2024 21:11
Behavioral task: behavioral1
Sample: 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Resource: win7-20240419-en
windows7-x64, 3 signatures, 150 seconds
General
Target: 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Size: 745KB
MD5: 1378915057b24801bae4f21dd3eb104a
SHA1: 618fe84575dff84160013650177804cc1f7fd3d2
SHA256: 27ca12ae68d4f94650bb4d61603e061684902a7f5d6598d9a0fc20f4ab80bf26
SHA512: 3f42f1f86d22c92cf4587e6e9aa4d84981e53ac8da69e11e5edaf136ee3267802747b31958aa7fe77bfc6ec1acd259d17f6227011ae8427499e59185d0053be6
SSDEEP: 12288:96A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTvfiwqMd0QZh9u:wAmBpVKHu0Mu9Xo20VGLVvawD0QZh9u
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (23 IoCs)
Processes: 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
description | pid | process
Token: SeIncreaseQuotaPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSecurityPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeLoadDriverPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSystemProfilePrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSystemtimePrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeBackupPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeRestorePrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeShutdownPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeDebugPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeUndockPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeManageVolumePrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeImpersonatePrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: 33 | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: 34 | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: 35 | 1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
pid | process
1732 | 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe