3e96299d4354f9f70e0433ba0bdbb8a2d06544b46ae94086b60b87ecea1a896e

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 15:02

Target

08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe
Size

851KB
MD5

08b0dbe8aa257ccc7789b896d892af7c
SHA1

b3da016da1b96ed332ae2159a8921b515f96a1eb
SHA256

3e96299d4354f9f70e0433ba0bdbb8a2d06544b46ae94086b60b87ecea1a896e
SHA512

c65e2a33e24e1a2dadff25239a52739779f366d706d245f4c9188a3dc24eea9bc1bc771e7f0f2329746a3172e41c21f6282f76a7b099432d8fac7245df0dc1ba
SSDEEP

24576:qKeyxTAJj7P+yWwWAnCpzg+iP6SSyQliaSwh:qKeyRA0yzW13Fyeqwh

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2692	aiwnc.exe

Loads dropped DLL 1 IoCs

pid	Process
2764	08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\nykfhxadt\aiwnc.exe	08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2692	2764	08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe	28
PID 2764 wrote to memory of 2692	2764	08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe	28
PID 2764 wrote to memory of 2692	2764	08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe	28
PID 2764 wrote to memory of 2692	2764	08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\nykfhxadt\aiwnc.exe
  "C:\Program Files (x86)\nykfhxadt\aiwnc.exe"
  2⤵
  - Executes dropped EXE
  PID:2692

\Program Files (x86)\nykfhxadt\aiwnc.exe

Filesize
878KB

MD5
be358cf73b0eddbb09382dc667c8aa92

SHA1
dc4494344dcf6db99cb695708de45b5b57723dba

SHA256
d25d1f04c4aa069a1dd674c882740038c6eb427a21a5eda5941a980ae91330d0

SHA512
0280ecc3d6ff85a8ab935b0abef65de41db9be7e7fb9585eae8ae71312c2fc9fed37942a9d576db4abfeba303c8d536deb3303ce71a0175e11fd383b34facafe

Download Submit
memory/2692-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2692-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2764-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2764-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2764-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download