200a328133cedb0def9b104e2f03c673d93eb96b650b8de990891a54489314e6

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 08:07

Target

f30dad07f93c4af6f6f9b09cfbc31437_JaffaCakes118.exe
Size

1.9MB
MD5

f30dad07f93c4af6f6f9b09cfbc31437
SHA1

8d474dcb2741c68d5d084968fcf75294cfd25234
SHA256

200a328133cedb0def9b104e2f03c673d93eb96b650b8de990891a54489314e6
SHA512

40052f6203a9bc917968af65157be36c5b7ff5ace3928cf90570c99c91d41dc30b44afd28cb25541f4a3c4d9dee509320d7209fa2aa1311a32e392445a566b51
SSDEEP

49152:Qoa1taC070duVJZCOCQBnc1Giz9zUQM0+ho:Qoa1taC09VJZdTncIa9zU90j

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1808	A0F.tmp

Executes dropped EXE 1 IoCs

pid	Process
1808	A0F.tmp

Loads dropped DLL 1 IoCs

pid	Process
2212	f30dad07f93c4af6f6f9b09cfbc31437_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1808	2212	f30dad07f93c4af6f6f9b09cfbc31437_JaffaCakes118.exe	28
PID 2212 wrote to memory of 1808	2212	f30dad07f93c4af6f6f9b09cfbc31437_JaffaCakes118.exe	28
PID 2212 wrote to memory of 1808	2212	f30dad07f93c4af6f6f9b09cfbc31437_JaffaCakes118.exe	28
PID 2212 wrote to memory of 1808	2212	f30dad07f93c4af6f6f9b09cfbc31437_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\A0F.tmp

Filesize
1.9MB

MD5
1010004cd3a33bfbfaeb5641c9394e13

SHA1
3ab5b9052c4d40916c51aef9490229c4ca6dd336

SHA256
a4de4f587e03232a01acbde35390cf049e9fdbb2d932a884867331ffb2b2787a

SHA512
2be3e1b7f08203aebade7ab410e6f33f2dced5e1a400d6c13e1adf36de17a2c692b64e75a6c5810424ba7d82793c7fca4c73f8d79400b9c5929edf3731969867

Download Submit
memory/1808-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/2212-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download