32ce826c58cb05add6ed1e986a9272f1e81dba00f0ab8e92cd3fa014b952631b

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 17:48

Target

28b3315912a7c616ea323566243334bf_JaffaCakes118.exe
Size

32KB
MD5

28b3315912a7c616ea323566243334bf
SHA1

e1c4439cc5bfb5654e6e0e32260ad0b1f075ad02
SHA256

32ce826c58cb05add6ed1e986a9272f1e81dba00f0ab8e92cd3fa014b952631b
SHA512

fd3468b83a626ca06d96d8943cc08903e080b010449fa0af0a9b9604ad6dd41b901f14200a6e07e735f970a36447bd68b8405746d7b1a51030bd440c8323d16e
SSDEEP

768:lp4zJaW38oL/S6EE1jOIy3Vgddrx2+Kd:kz0S8E1EE1j3y3Vgd3Kd

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2564	2056	28b3315912a7c616ea323566243334bf_JaffaCakes118.exe	28
PID 2056 wrote to memory of 2564	2056	28b3315912a7c616ea323566243334bf_JaffaCakes118.exe	28
PID 2056 wrote to memory of 2564	2056	28b3315912a7c616ea323566243334bf_JaffaCakes118.exe	28
PID 2056 wrote to memory of 2564	2056	28b3315912a7c616ea323566243334bf_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\28b3315912a7c616ea323566243334bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\28b3315912a7c616ea323566243334bf_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\System32\conhost.exe
  "C:\Windows\System32\conhost.exe" "/sihost32"
  2⤵
  PID:2564

memory/2564-0-0x0000000000060000-0x0000000000066000-memory.dmp

Filesize
24KB

Download
memory/2564-1-0x0000000000210000-0x0000000000216000-memory.dmp

Filesize
24KB

Download
memory/2564-2-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2564-3-0x000000001ADF0000-0x000000001AE70000-memory.dmp

Filesize
512KB

Download
memory/2564-5-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download