f049969ad35b49b2e003d82ca4d0e0bde6e69e0cbfa440fd207101d907acd88a

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 18:32

Target

299bf76694a230fbb9fd3adcf6d254c3_JaffaCakes118.exe
Size

1.9MB
MD5

299bf76694a230fbb9fd3adcf6d254c3
SHA1

7bea248b8504800985537aaf22daa052f5c67d8a
SHA256

f049969ad35b49b2e003d82ca4d0e0bde6e69e0cbfa440fd207101d907acd88a
SHA512

e0245b731c902c8f4d5b62d83aefc83bbd1599418ee181c6dd651a077c930d064771f8b76ac51eca46fe7822c74b4a9e9d53fcf1f4aa94cc332e67ab447faddc
SSDEEP

49152:Qoa1taC070dq3ynvGSuHNnrRL5ODlIdcKfDFfETVGaXIuMLyoWNgVDXW:Qoa1taC0LM+SYNnFLOl5Kf0VG9bGoAgQ

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2964	2FF6.tmp

Executes dropped EXE 1 IoCs

pid	Process
2964	2FF6.tmp

Loads dropped DLL 1 IoCs

pid	Process
2884	299bf76694a230fbb9fd3adcf6d254c3_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2964	2884	299bf76694a230fbb9fd3adcf6d254c3_JaffaCakes118.exe	28
PID 2884 wrote to memory of 2964	2884	299bf76694a230fbb9fd3adcf6d254c3_JaffaCakes118.exe	28
PID 2884 wrote to memory of 2964	2884	299bf76694a230fbb9fd3adcf6d254c3_JaffaCakes118.exe	28
PID 2884 wrote to memory of 2964	2884	299bf76694a230fbb9fd3adcf6d254c3_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\2FF6.tmp

Filesize
1.9MB

MD5
bf27edda93ef7260fea7626364ee27db

SHA1
140593a6c4b32f863831acc6bc0bec49f6583de6

SHA256
689386d0ef2fbae39cc74dca9fe4570dfac0039b3346bfa9881f777683c8e027

SHA512
2b658cccaf6131f867651b4883566181777e0b43b89e03520e8c8dc653662271677fd0ca2dabc1a8d29d89552cefeb0659d1a4c32fe28eeea86237287b6e33c9

Download Submit
memory/2884-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/2964-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download