b5001980be782d5d4b17d0dda13d94e9dab27c2dc6f3000ea8c6b0422d616337

Analysis

max time kernel
144s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 05:14

Target

f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe
Size

86KB
MD5

f2c34a56a33ee7a22e77a217f5c9e92b
SHA1

15ea8a34ec85888940dbd940193cf8add164add1
SHA256

b5001980be782d5d4b17d0dda13d94e9dab27c2dc6f3000ea8c6b0422d616337
SHA512

383c7db9437823e761cb7f1a5b03e9c9865a1e38d7386c855bf23b16600337641391c2466ae40bb7e946441a3d3cb8063ff4e260617c5e52fafa34205d43b286
SSDEEP

1536:DBry/ppUeNGs85da33WebF6PIFSWazu9PYA:DQYeq5Q3mg+CVazu9PJ

Score

1^/10

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2500	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	30
PID 2200 wrote to memory of 2500	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	30
PID 2200 wrote to memory of 2500	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	30
PID 2200 wrote to memory of 2500	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	30
PID 2200 wrote to memory of 2128	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	31
PID 2200 wrote to memory of 2128	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	31
PID 2200 wrote to memory of 2128	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	31
PID 2200 wrote to memory of 2128	2200	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	31
PID 2128 wrote to memory of 2648	2128	net.exe	34
PID 2128 wrote to memory of 2648	2128	net.exe	34
PID 2128 wrote to memory of 2648	2128	net.exe	34
PID 2128 wrote to memory of 2648	2128	net.exe	34
PID 2500 wrote to memory of 2684	2500	net.exe	35
PID 2500 wrote to memory of 2684	2500	net.exe	35
PID 2500 wrote to memory of 2684	2500	net.exe	35
PID 2500 wrote to memory of 2684	2500	net.exe	35

C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\net.exe
  net start SpoolSvc227
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 start SpoolSvc227
    3⤵
    PID:2684
- C:\Windows\SysWOW64\net.exe
  net start SpoolSvc227
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 start SpoolSvc227
    3⤵
    PID:2648

C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe /service
1⤵
PID:2736

memory/2200-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2200-2-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2736-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download