7f3be77d6d22232820404da8f3ae52b0f3cf1cd174082f23ee7498737ba4ec18

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 10:05

Target

d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe
Size

386KB
MD5

d0b29cfedc314194532ba543b0743a1c
SHA1

9f607a189a326bca8c406aabd000f869dd578b98
SHA256

7f3be77d6d22232820404da8f3ae52b0f3cf1cd174082f23ee7498737ba4ec18
SHA512

65eb7b17818da984bcf6e0741a597274930d29603b36f71e6a066cb20b87072be1ececde05c5973d73c24730c9dfba58e53fe81eb7d70f308855050e50c69b2b
SSDEEP

6144:WABt57v4rn+40fNfL7M5Q7LjgWj713KucT5c5B+BGkCgpwCmpkI71:WET7enAVM5Yjg8Bf+K5B+skTOC+VR

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3460	ypbaurwmjzlx.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\jzgqmrpqr\ypbaurwmjzlx.exe	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 3460	888	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe	85
PID 888 wrote to memory of 3460	888	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe	85
PID 888 wrote to memory of 3460	888	d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d0b29cfedc314194532ba543b0743a1c_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files (x86)\jzgqmrpqr\ypbaurwmjzlx.exe
  "C:\Program Files (x86)\jzgqmrpqr\ypbaurwmjzlx.exe"
  2⤵
  - Executes dropped EXE
  PID:3460

C:\Program Files (x86)\jzgqmrpqr\ypbaurwmjzlx.exe

Filesize
404KB

MD5
b49217de643f995c786376fd4c193028

SHA1
39e434b536e200ddcc9642e90e73b7927a608ddc

SHA256
448ff5756c48dbb5b2736d688f25b20a336b0fb8960f40e14ed5814e08bd8313

SHA512
e6ee02c8a227c31fd1abb8de7458c3bafab2bc22e7eee929c732e6bdde92139ae87bdc72d05bdfbec560537fc44fe2756be1596e54c9113921a8e2f51b6ffcb9

Download Submit
memory/888-0-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/888-1-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/888-5-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/3460-7-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/3460-8-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download