eda2fc4d3eab34d348d29a72354a51726080f18ce1c1a7a425596ff182a53ecb

Analysis

max time kernel
92s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2024 10:22

Target

e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe
Size

799KB
MD5

e4b3a32bd8e0d3bfe3e9ce61cac71371
SHA1

48ca59d9b3611f99ff7b27ecbb8b357947886502
SHA256

eda2fc4d3eab34d348d29a72354a51726080f18ce1c1a7a425596ff182a53ecb
SHA512

0a0c5c8e94c2f8ddc770bc6fffb8901f32aae013e2eaf1cd07e56c091ae94812d60daad3f0ea40ce44712bd194cedf146ece0d01b22f948bbbae238002b61afd
SSDEEP

24576:ZtZKp01h2QuJl5RzAI4j5ftAXVJJxF0HivpZT0u+3:M+1hMXsI4Nf2XlxF0CBZHw

Score

1^/10

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1656	e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 3444	1656	e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe	87
PID 1656 wrote to memory of 3444	1656	e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe	87
PID 1656 wrote to memory of 3444	1656	e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\e4b3a32bd8e0d3bfe3e9ce61cac71371_JaffaCakes118.exe"
  2⤵
  PID:3444

memory/1656-0-0x0000000000C50000-0x0000000000C57000-memory.dmp

Filesize
28KB

Download
memory/1656-1-0x0000000003050000-0x0000000003052000-memory.dmp

Filesize
8KB

Download