d0d2af58004b8302ae30202705031a005c4a6318072174f4b109df01e96369da

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 21:23

Target

105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe
Size

2.4MB
MD5

105fb0d16f98234f6a1f612ab25ffeb7
SHA1

f7b7f823633078f81d1dc4fb065c252a42d2f004
SHA256

d0d2af58004b8302ae30202705031a005c4a6318072174f4b109df01e96369da
SHA512

7ad59aefd8ec9de88a02035525ed707b47b13540ff221838785629c6f4148d78980f0d9f48dd8b29f05d506dcc7a05a67ee503c1c5b8de0814c7a9e61e9b3e91
SSDEEP

49152:dqgazxcGYN139lnk30raxpFkoX/Amq3I2koHtH:dqgazxc5H39ln2Nqq/G30oHtH

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2680	zxibnlmkxrzv.exe

Loads dropped DLL 1 IoCs

pid	Process
1692	105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ygqyseuz\zxibnlmkxrzv.exe	105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2680	1692	105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe	28
PID 1692 wrote to memory of 2680	1692	105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe	28
PID 1692 wrote to memory of 2680	1692	105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe	28
PID 1692 wrote to memory of 2680	1692	105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\105fb0d16f98234f6a1f612ab25ffeb7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files (x86)\ygqyseuz\zxibnlmkxrzv.exe
  "C:\Program Files (x86)\ygqyseuz\zxibnlmkxrzv.exe"
  2⤵
  - Executes dropped EXE
  PID:2680

\Program Files (x86)\ygqyseuz\zxibnlmkxrzv.exe

Filesize
2.5MB

MD5
fdf0411342ecdd3dadb67e27efe45846

SHA1
5817f82a513ac49cb87e011426a82d1a164d8700

SHA256
0b2feece44dcefbb1194143cb80c893411379851a367706a5fc8874e2dbe0503

SHA512
5ca41c0ed2537101709067bb8e575876e0a7781bd20713a1326ce9d4ef540fce4373fb2fe46e6f0e5c6e7854a49da093b366e4317106adfa8a89b5011f6c3fa6

Download Submit
memory/1692-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2680-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download