ddfb632cd71fc4355c7534537cd89dba291aa2aa97e1047bf4338fa63e16594f

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 17:13

Target

be0afbe3f1a4b48ffa11740c9d2924ec_JaffaCakes118.exe
Size

952KB
MD5

be0afbe3f1a4b48ffa11740c9d2924ec
SHA1

f4fdeccd81adbe5ea3862ad669bdd48601bea56e
SHA256

ddfb632cd71fc4355c7534537cd89dba291aa2aa97e1047bf4338fa63e16594f
SHA512

f6d194d5834a6f097893595c2acc8a4f4b81e092feeb9fdb6c896078fa0620131e2c8531d7f0614c9dbcb71f969b1f6e3a53faf921ea6b3d8b75f569a6a86e67
SSDEEP

24576:qKeyxTAJj7P+yW6mc1YLYJbs30havxFiUEC:qKeyRA0y9fWLYucKsA

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
924	zfm.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\uwvnvz\zfm.exe	be0afbe3f1a4b48ffa11740c9d2924ec_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 924	1564	be0afbe3f1a4b48ffa11740c9d2924ec_JaffaCakes118.exe	86
PID 1564 wrote to memory of 924	1564	be0afbe3f1a4b48ffa11740c9d2924ec_JaffaCakes118.exe	86
PID 1564 wrote to memory of 924	1564	be0afbe3f1a4b48ffa11740c9d2924ec_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\be0afbe3f1a4b48ffa11740c9d2924ec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\be0afbe3f1a4b48ffa11740c9d2924ec_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\uwvnvz\zfm.exe
  "C:\Program Files (x86)\uwvnvz\zfm.exe"
  2⤵
  - Executes dropped EXE
  PID:924

C:\Program Files (x86)\uwvnvz\zfm.exe

Filesize
974KB

MD5
d69aff6f4d928e7c21dc9368ef1f0f65

SHA1
4837c8c0a40ca866c84d6538964b0bca2209b9e4

SHA256
effea390059f22de232bd8fcee3d8b1f65ae07045d58578734b586e5a2bc1d71

SHA512
87d39507a8664933b63676e5ed1e018cf8efd86b1c1408d009b8883bf63797fadcd0b6d32806c2739e299360923a99063ed44fbdcce70a4030649277ac75af9f

Download Submit
memory/924-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/924-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/924-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1564-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1564-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1564-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download