daa25cb8c3c42911389cd3342a7d1e64401b5a2ea17f96520286a08d7e1f472c

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 08:31

Target

eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe
Size

4KB
MD5

eaa8c8e9decdd5c40c758e47fd1ccba0
SHA1

465cf5f2462cab1d700a1b746282d7831cae3fbd
SHA256

daa25cb8c3c42911389cd3342a7d1e64401b5a2ea17f96520286a08d7e1f472c
SHA512

c990a4cdd9f3790fe8cd040c96a872f7c8dc81eb29e1502cb5c61633a27261df2bd1119d0016278ec83468606c0eb5b1117e5bf4cec86c096917986c4f9b2d1c
SSDEEP

48:ZvtFKT1zMePBCeURk5pCxF4Sr29cfAzYED7E/L/LLX/frrbfz7/L/LLX/frrbfzj:Z1sAgUICx+SccfAzTW1V

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2588	svchost.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2244	eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2588	2244	eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe	28
PID 2244 wrote to memory of 2588	2244	eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe	28
PID 2244 wrote to memory of 2588	2244	eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe	28
PID 2244 wrote to memory of 2588	2244	eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eaa8c8e9decdd5c40c758e47fd1ccba0_JaffaCakes118.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  - Deletes itself
  PID:2588

memory/2244-0-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2588-1-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2588-2-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download