70bc38b26493f96d343387ff618115d1fdfd03dbe8e220a4f1ef484a701c3fd3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 20:40

Target

e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
Size

219KB
MD5

e85d7b0352a7f00fc2ea1cc537ea26f7
SHA1

37e2f3871419a504742510f9453f03204c9aea9d
SHA256

70bc38b26493f96d343387ff618115d1fdfd03dbe8e220a4f1ef484a701c3fd3
SHA512

257a6fd51e4be65728c1b50ea986694dfccd65de2ff02f3c9656fb549362f38a7af761ea16abf7d9561a696d4def23ff9179ec67291817f15278aec76f609ea6
SSDEEP

6144:tSUtwI+GPqkHT2dt9dkk5UblW5V4BYM/jAy1r:kUKNGPqVKI/+YMrA8

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1116	carss.exe

Loads dropped DLL 2 IoCs

pid	Process
2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
1116	carss.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wi259422377nd.temp	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\carss.exe	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\carss.exe	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe
1116	carss.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1116	2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1116	2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1116	2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1116	2020	e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe	28

C:\WINDOWS\Temp\hx107.tmp

Filesize
20.2MB

MD5
868867e12ebe4eb8c48fcce939174c57

SHA1
7f4f2d0162917235a870647d96c23a50de3b45fd

SHA256
dd57b2f8670d9644c47529b2d00989afd5504bf14494f6963e28f3550c33033a

SHA512
8baa1b9a53810bd45097b9b1f45c4d448b7f3a65a63858e363b2e4780740a91b9469d633bcce2722ca89ea1c95f7d6c27e4ae691260a653e644d33a29148f25b

Download Submit
\Program Files\Internet Explorer\carss.exe

Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
memory/2020-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2020-12-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download