561045ef4e9dcb27c926feb7fec83c76ad6b2aed29332b0d0a2ae677a96ab068

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 05:16

Target

195e4e2e0a07acba98f3dd1865e86d7c_JaffaCakes118.exe
Size

1.9MB
MD5

195e4e2e0a07acba98f3dd1865e86d7c
SHA1

661841e4910af440e2cafcf6eaaae38e5a2d51a2
SHA256

561045ef4e9dcb27c926feb7fec83c76ad6b2aed29332b0d0a2ae677a96ab068
SHA512

89c9c9a6cc2db21a17f90b2391562da9ddcb8b93c77eb2eab0a563b68d6abc49fa4e2700050d38d5a868e8c5a092b83a35e24e40122ff777c15d7d09db86ae69
SSDEEP

49152:Qoa1taC070dsPaQX2EG1A79i2XEZOc8VJvI:Qoa1taC0VShG9iIE0Jw

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3012	5928.tmp

Executes dropped EXE 1 IoCs

pid	Process
3012	5928.tmp

Loads dropped DLL 1 IoCs

pid	Process
2200	195e4e2e0a07acba98f3dd1865e86d7c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 3012	2200	195e4e2e0a07acba98f3dd1865e86d7c_JaffaCakes118.exe	28
PID 2200 wrote to memory of 3012	2200	195e4e2e0a07acba98f3dd1865e86d7c_JaffaCakes118.exe	28
PID 2200 wrote to memory of 3012	2200	195e4e2e0a07acba98f3dd1865e86d7c_JaffaCakes118.exe	28
PID 2200 wrote to memory of 3012	2200	195e4e2e0a07acba98f3dd1865e86d7c_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\5928.tmp

Filesize
1.9MB

MD5
b343ddc8a72157bb2a9714b5d0243f36

SHA1
284ef5e5d09f09f69ebdb3be0e77ce7a22512b73

SHA256
4bc25a1800deb890cfc4bc484ffc02d5eb1b9183896ac5dd83ca431464124415

SHA512
a88db335c7434a8ab4ea47e0ae09e75a02d71f9ca793eae76d303ba5e9f673a71c6608840d04c614bcc3e1af744bbb11a7b6e01fcc275716b88b9d2bed1bf177

Download Submit
memory/2200-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/3012-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download