ac2ae17763b286c919716f357dbd7acf296a7c898f9a4f7748ab68c7164016ec

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 05:04

Target

f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe
Size

585KB
MD5

f2c00ed8cb36d4d540e165e168fe9ba1
SHA1

17f251ad4cc6a8927eaff73555640a63688db472
SHA256

ac2ae17763b286c919716f357dbd7acf296a7c898f9a4f7748ab68c7164016ec
SHA512

4291f83e029d693eb67322f59c1ac38b2bbb84a29ddd6a2569644cd7c4e4ffafacbc0f58ef04e466b8570c8da6245d65e353b9b06b0dd0e016a89d2ccd55bc8c
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVYNq2mfRm:qKeyxTAJj7P+yW6mc1Yh3m5m

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2096	yihtmcik.exe

Loads dropped DLL 1 IoCs

pid	Process
2280	f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\nibhe\yihtmcik.exe	f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2096	2280	f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2096	2280	f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2096	2280	f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2096	2280	f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2c00ed8cb36d4d540e165e168fe9ba1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\nibhe\yihtmcik.exe
  "C:\Program Files (x86)\nibhe\yihtmcik.exe"
  2⤵
  - Executes dropped EXE
  PID:2096

\Program Files (x86)\nibhe\yihtmcik.exe

Filesize
600KB

MD5
e0d7e80e71d25aad58fe1c4f0653929c

SHA1
2836badfdced6ecba2dfd105ad048094c5be7712

SHA256
5028630d14374317b1be2dd23b279bb33f1ddb222b84f1b2ae6ebdc52f532938

SHA512
b70a0fbba6f55a57d92bb60770a5106381115c3a4eb1ee8131440b6c788bdf448c67a17c7b6631f7024153ec2dd774febd29f4cb6f43157a2a82175458a8a4ba

Download Submit
memory/2096-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2096-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2280-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2280-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2280-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download