540b4f21c22bc549f06adeb61317fa3409aab8a9533f78d3150f464253736425

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 09:57

Target

1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe
Size

323KB
MD5

1f02389ebbf6c167a088968c6f49ac07
SHA1

779acfe356fecc029fb6837302ebdbad437d03c2
SHA256

540b4f21c22bc549f06adeb61317fa3409aab8a9533f78d3150f464253736425
SHA512

a74edcac9f391525802609e240f4438db392838040e9d319051b1d4eddce3110a00de5eb1ac27e936ccac6ef8749263b48cc2dfe6bbcdfe357686b21f93db4e6
SSDEEP

6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL6Nz:MLry/neyx7f/A6Nz

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2088	n.exe

Loads dropped DLL 1 IoCs

pid	Process
2768	1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\njoc\n.exe	1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2088	2768	1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe	28
PID 2768 wrote to memory of 2088	2768	1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe	28
PID 2768 wrote to memory of 2088	2768	1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe	28
PID 2768 wrote to memory of 2088	2768	1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1f02389ebbf6c167a088968c6f49ac07_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\njoc\n.exe
  "C:\Program Files (x86)\njoc\n.exe"
  2⤵
  - Executes dropped EXE
  PID:2088

\Program Files (x86)\njoc\n.exe

Filesize
335KB

MD5
2010c025037c523e6e0c2db87100fdf2

SHA1
7cddec1a0fd7b27de71e4eaf0b63ee239e1668fa

SHA256
0f050d324caca9be0f592b05fb34165241dd6505d4b83cfd7ceeb67387e7381d

SHA512
ec63900bee34702e2b6d38d691dadae3872f2bdffa08be410d1c680d8e3bba78197eb89ca5d61b3a095af66880bb9ab46feac8cb3f68ef4a8accafe1a40d9a89

Download Submit
memory/2088-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2088-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2768-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2768-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2768-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2768-5-0x0000000001D30000-0x0000000001DC4000-memory.dmp

Filesize
592KB

Download