14146a0f530d8cc2ab2046c06471763e4025eb29577d2b0239dbfb170ee0d968

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 05:23

Target

dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe
Size

2.1MB
MD5

dc490635ce91d7254e163fa138701e18
SHA1

eb569c5e8e23b4733f3f502b381452a877243877
SHA256

14146a0f530d8cc2ab2046c06471763e4025eb29577d2b0239dbfb170ee0d968
SHA512

acb49493afad02c4d34a474c649b1f4b26708a93b2ff5b118d13f0de1e27c1e673f4845b48cae99dbbf2977292a13274f602d922c1f199a303252f8ff5001b75
SSDEEP

49152:dqgazxcGYN139lnk30roDfEc5vtQ8g6inLI:dqgazxc5H39ln2DEcjnOI

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2372	ayc.exe

Loads dropped DLL 1 IoCs

pid	Process
1972	dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\uvdhv\ayc.exe	dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2372	1972	dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe	28
PID 1972 wrote to memory of 2372	1972	dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe	28
PID 1972 wrote to memory of 2372	1972	dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe	28
PID 1972 wrote to memory of 2372	1972	dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc490635ce91d7254e163fa138701e18_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\uvdhv\ayc.exe
  "C:\Program Files (x86)\uvdhv\ayc.exe"
  2⤵
  - Executes dropped EXE
  PID:2372

\Program Files (x86)\uvdhv\ayc.exe

Filesize
2.2MB

MD5
f6a5afc5b894b0d99417471de308218f

SHA1
deb979ae5e434d40b4badad7458602166482d341

SHA256
a54eda334b0aa11f07df30ec37fcf55690ae682954e8bc89c64a8f3a8acf0920

SHA512
05b7701ff4ba34755741b5345c3c5158563d8bff38c86e0d568ab0919bec4267275931ed1f54e17ab352ec952fe6f4b416ee835d0b919a924430c73a01c34a32

Download Submit
memory/1972-4-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2372-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download