e254c1365f56d446ee9cbb100c9e75cb044c63b2e60b064fdef58f39378dbb50

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 02:09

Target

f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe
Size

642KB
MD5

f94618c4b4cd8ca0bd08b49ce82e2f31
SHA1

30ab690e3c0fc877fe8a2849fcebbab6fecc9b4a
SHA256

e254c1365f56d446ee9cbb100c9e75cb044c63b2e60b064fdef58f39378dbb50
SHA512

614c27ac6654913193f3323743b5ac60fbe02d2f54b6ebcbe667c4e2a7b47e4ccab803193f4cb222b6bca881cca0f1f1a25e256deff9a3b7730cc0bd6fa15c94
SSDEEP

12288:8gHSlDOPzBm8K6r0zZfs07AdhsB8OcIeqSBX5Haq/WmAyVRnQlVT3nWYRc:Rylylm8h0zB58dOBXcIenn/WmAyVRn0b

Score

1^/10

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 3036	2368	f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe	28
PID 2368 wrote to memory of 3036	2368	f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe	28
PID 2368 wrote to memory of 3036	2368	f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe	28
PID 2368 wrote to memory of 3036	2368	f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe	28
PID 2368 wrote to memory of 3036	2368	f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe	28
PID 2368 wrote to memory of 3036	2368	f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe	28
PID 2368 wrote to memory of 3036	2368	f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe	28
PID 3036 wrote to memory of 1172	3036	Net.exe	30
PID 3036 wrote to memory of 1172	3036	Net.exe	30
PID 3036 wrote to memory of 1172	3036	Net.exe	30
PID 3036 wrote to memory of 1172	3036	Net.exe	30
PID 3036 wrote to memory of 1172	3036	Net.exe	30
PID 3036 wrote to memory of 1172	3036	Net.exe	30
PID 3036 wrote to memory of 1172	3036	Net.exe	30

C:\Users\Admin\AppData\Local\Temp\f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f94618c4b4cd8ca0bd08b49ce82e2f31_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:1172

memory/2368-0-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download