b5001980be782d5d4b17d0dda13d94e9dab27c2dc6f3000ea8c6b0422d616337

Analysis

max time kernel
141s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 05:14

Target

f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe
Size

86KB
MD5

f2c34a56a33ee7a22e77a217f5c9e92b
SHA1

15ea8a34ec85888940dbd940193cf8add164add1
SHA256

b5001980be782d5d4b17d0dda13d94e9dab27c2dc6f3000ea8c6b0422d616337
SHA512

383c7db9437823e761cb7f1a5b03e9c9865a1e38d7386c855bf23b16600337641391c2466ae40bb7e946441a3d3cb8063ff4e260617c5e52fafa34205d43b286
SSDEEP

1536:DBry/ppUeNGs85da33WebF6PIFSWazu9PYA:DQYeq5Q3mg+CVazu9PJ

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1580	3036	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	89
PID 3036 wrote to memory of 1580	3036	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	89
PID 3036 wrote to memory of 1580	3036	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	89
PID 3036 wrote to memory of 3112	3036	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	90
PID 3036 wrote to memory of 3112	3036	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	90
PID 3036 wrote to memory of 3112	3036	f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe	90
PID 3112 wrote to memory of 2120	3112	net.exe	93
PID 3112 wrote to memory of 2120	3112	net.exe	93
PID 3112 wrote to memory of 2120	3112	net.exe	93
PID 1580 wrote to memory of 3436	1580	net.exe	94
PID 1580 wrote to memory of 3436	1580	net.exe	94
PID 1580 wrote to memory of 3436	1580	net.exe	94

C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\net.exe
  net start SpoolSvc227
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1580
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 start SpoolSvc227
    3⤵
    PID:3436
- C:\Windows\SysWOW64\net.exe
  net start SpoolSvc227
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3112
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 start SpoolSvc227
    3⤵
    PID:2120

C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\f2c34a56a33ee7a22e77a217f5c9e92b_JaffaCakes118.exe /service
1⤵
PID:368

memory/3036-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3036-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download