ff0a94040c14b9e4dc27dacc7eaf9350961a53372bd5aa566a79d923996b5f59

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 00:08

Target

f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe
Size

82KB
MD5

f4a08653aa99d02561bc980215d6d530
SHA1

574756fef6d7c0a205b585ea7d673b463ed7803f
SHA256

ff0a94040c14b9e4dc27dacc7eaf9350961a53372bd5aa566a79d923996b5f59
SHA512

4b332829542c2fb65eecfe8a0be0d1780addf488c7f452c8c2809a99e61b864d511e668f7368f17ad12dbbaff072a28a179ec1b76c04611c634d3b3dc11add1c
SSDEEP

1536:mKZ1chuEytJy/YO8/kEduK433PrvuKsxhcDfmfnRGLPE8Zk61nZwJnqDJICqBjRy:Lce4Z8IBHecDrc8hZwJnqNICqZO

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1348	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1348	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4844	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4844	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe
1348	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 1348	4844	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe	92
PID 4844 wrote to memory of 1348	4844	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe	92
PID 4844 wrote to memory of 1348	4844	f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\f4a08653aa99d02561bc980215d6d530_JaffaCakes118.exe

Filesize
82KB

MD5
ba999c85a2320ad1f1a81ce3afaeecab

SHA1
202096e161d7ad9ea4679d9ed53fcd1f0054c3ae

SHA256
9970330e635cdff94db0e187de6d776193d8a792cfedc2ac0dad1a5652241c1f

SHA512
fa2526b2c2ac557d476a7590aaaf5066398014f327fb1cba180c3674209586a8c5a803aba09878b72f0d38f55ca74ae0dae5e835e2b5954741931bf499012951

Download Submit
memory/1348-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1348-15-0x00000000001B0000-0x00000000001DF000-memory.dmp

Filesize
188KB

Download
memory/1348-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1348-23-0x0000000004D90000-0x0000000004DAB000-memory.dmp

Filesize
108KB

Download
memory/4844-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4844-1-0x00000000000F0000-0x000000000011F000-memory.dmp

Filesize
188KB

Download
memory/4844-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4844-11-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download