0b47dc7aff965dbb9c8d9c1be4c4ab1bfe476d030c6170bbfd2f0e134762bff3

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 11:01

Target

eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe
Size

1.1MB
MD5

eaea422c805dde273429fb8e547bac27
SHA1

db666f7fab5110dbb4803f894ef7cc9bc83181fc
SHA256

0b47dc7aff965dbb9c8d9c1be4c4ab1bfe476d030c6170bbfd2f0e134762bff3
SHA512

6c7737b7dbcf67c5a49c9bd206a31a602d91f2a42c33900bde43e427eddbdbe490c6631c5bf63a735f83db4e4e41d8d2643e47e84cc8454650282c5decbe2fd1
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhV1uBKqPk:qKeyRAwEB3w7DbuBKAk

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1884	cmeg.exe

Loads dropped DLL 1 IoCs

pid	Process
2060	eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\lrmells\cmeg.exe	eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 1884	2060	eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe	28
PID 2060 wrote to memory of 1884	2060	eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe	28
PID 2060 wrote to memory of 1884	2060	eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe	28
PID 2060 wrote to memory of 1884	2060	eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eaea422c805dde273429fb8e547bac27_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files (x86)\lrmells\cmeg.exe
  "C:\Program Files (x86)\lrmells\cmeg.exe"
  2⤵
  - Executes dropped EXE
  PID:1884

\Program Files (x86)\lrmells\cmeg.exe

Filesize
1.1MB

MD5
be13e13ffb1c59201843e62081d100ac

SHA1
bfe9ea18ee4980f5271f8ab0b10d48fc37a68c8e

SHA256
9297e14b6b13d0b528b403c5cc793cba7e2bf447f163692f13b34e4054db18f8

SHA512
9cda8f0f71a4776129e15c11dbdfefca3f10ef8746046f5197f29acbc8de5498bbb69c81d9806a1433c5d55cacd25006a9456628a039d4b6194a6d8dba51cfdb

Download Submit
memory/1884-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1884-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1884-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2060-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2060-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2060-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2060-5-0x0000000000230000-0x00000000002C4000-memory.dmp

Filesize
592KB

Download