c44818f7ec808678b81629d8094534a1260bcb55619519afae25ca3aaf54df85

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 10:17

Target

03047a6328b5d20fb35c3a4fbdaac2f1_JaffaCakes118.exe
Size

570KB
MD5

03047a6328b5d20fb35c3a4fbdaac2f1
SHA1

f403c6105be1758f0d28f31f0f2d5aef26a9bfef
SHA256

c44818f7ec808678b81629d8094534a1260bcb55619519afae25ca3aaf54df85
SHA512

4d471c053b9457517ec140f5ebc31a37a8060ac6b2b21904f66f8360dbf88d3828409606542cad118886529e3e303fdd92f170a63de9a73f6f6ec60b08436a09
SSDEEP

12288:MLry/neyx7f/A64iPs/n4fYVhRrZE2mcfBXpa+fP74:qKeyxTAJt4owaZXU+fD4

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2940	agtfetzgtktae.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\phkdki\agtfetzgtktae.exe	03047a6328b5d20fb35c3a4fbdaac2f1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 772 wrote to memory of 2940	772	03047a6328b5d20fb35c3a4fbdaac2f1_JaffaCakes118.exe	86
PID 772 wrote to memory of 2940	772	03047a6328b5d20fb35c3a4fbdaac2f1_JaffaCakes118.exe	86
PID 772 wrote to memory of 2940	772	03047a6328b5d20fb35c3a4fbdaac2f1_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\03047a6328b5d20fb35c3a4fbdaac2f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03047a6328b5d20fb35c3a4fbdaac2f1_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:772
- C:\Program Files (x86)\phkdki\agtfetzgtktae.exe
  "C:\Program Files (x86)\phkdki\agtfetzgtktae.exe"
  2⤵
  - Executes dropped EXE
  PID:2940

C:\Program Files (x86)\phkdki\agtfetzgtktae.exe

Filesize
595KB

MD5
9e15e190e44e243ea82b070d1a0c4980

SHA1
a3594649fda606eeaa764dca4fe2a21395bbd913

SHA256
0f6a2d7ee7d2d886c308f76cee4528b09e149acc0f6908c11200375c4bd57fc2

SHA512
75a95f7661a50251aab2997b185c2b52a2094b426e6f9e16a42d373d124221c79b1112e2fd3b3f55f8ff3446363406d2f65be81966b49d8b431781c1e0538d45

Download Submit
memory/772-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/772-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/772-5-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2940-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2940-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download