5b3ad646dbf01943bab3d581bf51159e881dd532ac75d82d48ecacc281003a23

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 06:58

Target

ccd7b8ebe3e6fbef28e76ef7b78d41ab_JaffaCakes118.exe
Size

1.9MB
MD5

ccd7b8ebe3e6fbef28e76ef7b78d41ab
SHA1

d3f912241f6a3e957cce7a5ae6edfa295896e436
SHA256

5b3ad646dbf01943bab3d581bf51159e881dd532ac75d82d48ecacc281003a23
SHA512

31b56af2796f0d562923d2b3ab3317613737342be4f0e3ea3d57ff26aa9bb0d899f700bd9e3c9f25c41fabc6368d4be93a3ea4021a3a01dfd45a070c97ac33cb
SSDEEP

49152:Qoa1taC070d2NqzecNvBUhQvE55kOiSn2l:Qoa1taC0Xq93UhzfkOiyW

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2928	253C.tmp

Executes dropped EXE 1 IoCs

pid	Process
2928	253C.tmp

Loads dropped DLL 1 IoCs

pid	Process
2852	ccd7b8ebe3e6fbef28e76ef7b78d41ab_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2928	2852	ccd7b8ebe3e6fbef28e76ef7b78d41ab_JaffaCakes118.exe	28
PID 2852 wrote to memory of 2928	2852	ccd7b8ebe3e6fbef28e76ef7b78d41ab_JaffaCakes118.exe	28
PID 2852 wrote to memory of 2928	2852	ccd7b8ebe3e6fbef28e76ef7b78d41ab_JaffaCakes118.exe	28
PID 2852 wrote to memory of 2928	2852	ccd7b8ebe3e6fbef28e76ef7b78d41ab_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\253C.tmp

Filesize
1.9MB

MD5
3988a211f5811cf4bd8b35978e4d6aab

SHA1
6f26507abdd2f8b0e2e4dff9028b627b4840f599

SHA256
4e9d7d3846832319dc566ae3890f9669f8dba668cffd92494d654ef72106d03e

SHA512
10495ebbca7c2d70929cc7faaed38a67c6be4da0db2c33047116732fc05bedd65d5a059a228219d93c3b89c126b134bcdc497062403790494900645a22f8750c

Download Submit
memory/2852-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/2928-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download