cfc395fcdd7733946cab8e16953149ceb0841758004e9bfcaf9a9aa57e6b2be5

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 04:51

Target

18dc771fdf1a3e1b7768b47b8a15b258_JaffaCakes118.exe
Size

1.9MB
MD5

18dc771fdf1a3e1b7768b47b8a15b258
SHA1

a5ebc43a0cc56727a4ddad706ae915aedd952f3c
SHA256

cfc395fcdd7733946cab8e16953149ceb0841758004e9bfcaf9a9aa57e6b2be5
SHA512

d6ce96f88d8fffdb3303dbedca606bece7b531d76f4136b5021c09b1b1014f1d08cdce2cdbc2d557798d844ea5e739405e048bf7547034ae3500db0650b92279
SSDEEP

49152:Qoa1taC070dUX8hUn+Cj0KxY8C6ZgPNbEAUEB:Qoa1taC03XQaj0KzZgPKAX

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2088	16AC.tmp

Executes dropped EXE 1 IoCs

pid	Process
2088	16AC.tmp

Loads dropped DLL 1 IoCs

pid	Process
1724	18dc771fdf1a3e1b7768b47b8a15b258_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2088	1724	18dc771fdf1a3e1b7768b47b8a15b258_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2088	1724	18dc771fdf1a3e1b7768b47b8a15b258_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2088	1724	18dc771fdf1a3e1b7768b47b8a15b258_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2088	1724	18dc771fdf1a3e1b7768b47b8a15b258_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\16AC.tmp

Filesize
1.9MB

MD5
6d05870ce51823903f57cd07d5f5153d

SHA1
6fe581a22fbcb3d9c36914c1c498e0791760a49b

SHA256
e7676ec7f799c2e90a504f8b06458c69077dacca01a31144918323e49b73e2b4

SHA512
b8de6d5d9049a3a24514ac2f2c3227166adedb2b70cfb4f4004f8acd9a43266f2299811a7f9ff9b4b10c44baee9c391ba98d0f7fedad2f4029b2514d1b4cd31e

Download Submit
memory/1724-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/2088-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download