0f06d2a99379034a9e31a27c2102deddfdb8afc98afcdaac9d12da7f6f481766

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 05:40

Target

ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe
Size

82KB
MD5

ecc71f49a0f80bc795afa02c68f6aa01
SHA1

e20644ed825bf77df54e0f75387f026947d5b512
SHA256

0f06d2a99379034a9e31a27c2102deddfdb8afc98afcdaac9d12da7f6f481766
SHA512

d13e881cfef65e8a95810e87308a5f6a400a14a21ed30e4333c212520b3ec435a0b4b9c46efa5fc2ff4fd487c825ae7040b120bd8c136ed7a31970b9e4d5fac9
SSDEEP

1536:AOHTpjr90mZqlfVdU5Vv5XJbP2Nf4YismffiJTE0VJBS53SgL4pTNM:AOHFt0llfPUbgfQs0fYI0SdZLE6

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4792	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4792	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4784	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4784	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe
4792	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4792	4784	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe	95
PID 4784 wrote to memory of 4792	4784	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe	95
PID 4784 wrote to memory of 4792	4784	ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe	95

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4528 --field-trial-handle=2320,i,3025503729105798828,9325691672526736153,262144 --variations-seed-version /prefetch:8
1⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\ecc71f49a0f80bc795afa02c68f6aa01_JaffaCakes118.exe

Filesize
82KB

MD5
ad959126a92868bfd9cd94fd0a872a4e

SHA1
79f7d39ea5bfc3f62f03df3820742a9b8e8a440d

SHA256
97aa92db33085a553ad68329e8665b320c8ef853c07eadebfbe516bd6ee94f65

SHA512
3e665c3a1ae833ac1e6fe9bfbbaad5b142f6431367dc8938720c20e487e81bf7c69b50c437793c7c2490abc9768c11ad9ecb164fd3beb2ae4178957ac4e6fe61

Download Submit
memory/4784-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4784-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

Filesize
188KB

Download
memory/4784-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4784-11-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4792-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4792-14-0x00000000001B0000-0x00000000001DF000-memory.dmp

Filesize
188KB

Download
memory/4792-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4792-23-0x0000000001680000-0x000000000169B000-memory.dmp

Filesize
108KB

Download