68c019d645f21f1ee98c79f489feb5b617aaf0d41da6d0b79aeb6a8e8410cc90

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 18:11

Target

bf42db5a50531afe0262014479fe50fc_JaffaCakes118.exe
Size

1.9MB
MD5

bf42db5a50531afe0262014479fe50fc
SHA1

cc9edd37e677a0fce501abbe336255ef1bc4c651
SHA256

68c019d645f21f1ee98c79f489feb5b617aaf0d41da6d0b79aeb6a8e8410cc90
SHA512

9636f9ebf38db64e49b51e805ee6ecae9879f1d7c53ef6df0cb0ebe251d3ba4efd414b7853da32d23f53c02152f1e70a2a352063a3a31f3b18c2a8f24120be12
SSDEEP

24576:N2oo60HPdt+1CRiY2eOBvcj3u10dqEe81o60blXqRwvjnoWNWfB7J+CEB2QC9LJI:Qoa1taC070dne81XrukWYBvUPeLQL

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1648	147A.tmp

Executes dropped EXE 1 IoCs

pid	Process
1648	147A.tmp

Loads dropped DLL 1 IoCs

pid	Process
1900	bf42db5a50531afe0262014479fe50fc_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 1648	1900	bf42db5a50531afe0262014479fe50fc_JaffaCakes118.exe	28
PID 1900 wrote to memory of 1648	1900	bf42db5a50531afe0262014479fe50fc_JaffaCakes118.exe	28
PID 1900 wrote to memory of 1648	1900	bf42db5a50531afe0262014479fe50fc_JaffaCakes118.exe	28
PID 1900 wrote to memory of 1648	1900	bf42db5a50531afe0262014479fe50fc_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\147A.tmp

Filesize
1.9MB

MD5
cab4536846b26eb4647b40023ae2d171

SHA1
aeea278ca48a945a37df7fbca221ea77b32d3faa

SHA256
73aeb80cae07576f319ad9f61706b3b6edb38955540e0fe546ddd1adb228f051

SHA512
e6017b0744fd4308066d0913fe8a654ca3da3017e7b77bb64adb65ef4bd61f0def32834e34754e6227e0e6df6978476552864c14cfaa2985b0d3b376dba5af46

Download Submit
memory/1648-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/1900-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download