7f3be77d6d22232820404da8f3ae52b0f3cf1cd174082f23ee7498737ba4ec18

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 10:05

Target

d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe
Size

386KB
MD5

d0b29cfedc314194532ba543b0743a1c
SHA1

9f607a189a326bca8c406aabd000f869dd578b98
SHA256

7f3be77d6d22232820404da8f3ae52b0f3cf1cd174082f23ee7498737ba4ec18
SHA512

65eb7b17818da984bcf6e0741a597274930d29603b36f71e6a066cb20b87072be1ececde05c5973d73c24730c9dfba58e53fe81eb7d70f308855050e50c69b2b
SSDEEP

6144:WABt57v4rn+40fNfL7M5Q7LjgWj713KucT5c5B+BGkCgpwCmpkI71:WET7enAVM5Yjg8Bf+K5B+skTOC+VR

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2020	oio.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ancpq\oio.exe	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2020	2040	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe	28
PID 2040 wrote to memory of 2020	2040	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe	28
PID 2040 wrote to memory of 2020	2040	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe	28
PID 2040 wrote to memory of 2020	2040	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\ancpq\oio.exe
  "C:\Program Files (x86)\ancpq\oio.exe"
  2⤵
  - Executes dropped EXE
  PID:2020

C:\Program Files (x86)\ancpq\oio.exe

Filesize
411KB

MD5
67f5f8575a0ead5ab8f6a874b16336f9

SHA1
756c646d4b50d804587386fb6f212556d97d848c

SHA256
57ea3b8e032cebc37bd1b05a39b03c98e1c3982d7af220aae493fa929f38f9f7

SHA512
772030830379c5b5f05bc13f9fc9e8e912d0e699fb49328208c27d7e5ee032084f43bfc7f7c511939bb7e062547f675f2d26373f59818fd321c55f0a0a9ac484

Download Submit
memory/2020-9-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2020-10-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2040-0-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2040-1-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2040-7-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download