8699cef4c9f18dac9b0167c194630300b263e524fd33619d4503bae0694db9a6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 01:10

Target

14ba3d64ae6ff703a73512060bec75da_JaffaCakes118.exe
Size

1.9MB
MD5

14ba3d64ae6ff703a73512060bec75da
SHA1

f7602ea045d1a045e98f3c7f397d6b10d489b940
SHA256

8699cef4c9f18dac9b0167c194630300b263e524fd33619d4503bae0694db9a6
SHA512

f026e366287abcd0677df1215bc491c042eadd812f467fc4b11ac1d943b57eb002054f57739e2ddc7e29336876a89db7dce8d9286f7d3f8a35f3cd3945e4ac65
SSDEEP

49152:Qoa1taC070d/CvsEQUYORSM25I5ZObVATr8xTP0P:Qoa1taC0DsLM2yZOyUxTcP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2996	2DB5.tmp

Executes dropped EXE 1 IoCs

pid	Process
2996	2DB5.tmp

Loads dropped DLL 1 IoCs

pid	Process
2188	14ba3d64ae6ff703a73512060bec75da_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2996	2188	14ba3d64ae6ff703a73512060bec75da_JaffaCakes118.exe	28
PID 2188 wrote to memory of 2996	2188	14ba3d64ae6ff703a73512060bec75da_JaffaCakes118.exe	28
PID 2188 wrote to memory of 2996	2188	14ba3d64ae6ff703a73512060bec75da_JaffaCakes118.exe	28
PID 2188 wrote to memory of 2996	2188	14ba3d64ae6ff703a73512060bec75da_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\2DB5.tmp

Filesize
1.9MB

MD5
23764606c5ebac413189dbb974b197bb

SHA1
306287d36e2479717e47063883c350cbc805115d

SHA256
eb79501de60c020380323df5fac652893f37260d88443d80900ef387274848b6

SHA512
0ec26fb1c312d422ee067a98d8b949bf38b739acf3e51bf00d168b2efcede030fd9e9872a328534a3325b7e474d22de16001cd06b1d139eee7cd6a242d749fe2

Download Submit
memory/2188-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/2996-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download