e261ca7ae2ea8e63d9d951b0410b27959da1b8156ec5217a9925a0f568cd82b7

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 00:26

Target

fb817736396165608f8629e575cd28f8_JaffaCakes118.exe
Size

73KB
MD5

fb817736396165608f8629e575cd28f8
SHA1

750d9a14fd7aff43f6fed8fbab070d70b6d59973
SHA256

e261ca7ae2ea8e63d9d951b0410b27959da1b8156ec5217a9925a0f568cd82b7
SHA512

5a1fa647810620aed07935b25d5df5176274cb799610e6862f1932c14a4b08915290a9b0a2973305fcb290007dd30bcac60d4c27c0edf1207fa30479364da325
SSDEEP

1536:iOXQrSji6XN9+GVqQ7zgN9ebqvjoJExemwHX9Xco:iOXQA+QqQfgNY0emc1

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 1020	3880	fb817736396165608f8629e575cd28f8_JaffaCakes118.exe	82
PID 3880 wrote to memory of 1020	3880	fb817736396165608f8629e575cd28f8_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\fb817736396165608f8629e575cd28f8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb817736396165608f8629e575cd28f8_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\27FA.tmp\11.bat" "C:\Users\Admin\AppData\Local\Temp\fb817736396165608f8629e575cd28f8_JaffaCakes118.exe""
  2⤵
  PID:1020

C:\Users\Admin\AppData\Local\Temp\27FA.tmp\11.bat

Filesize
208B

MD5
284480dde5ffd66dd94ae8be1d79f16e

SHA1
b396f4934cb3a29cc4bd64fdbf87ef5be4a869eb

SHA256
ee04cf7e99b92a7a2a7400c58af3ec36e168169b17a6c3cfea2f5d0b0efb99b4

SHA512
e248665bb1665a7d9b1dd413b2030f6c0f8b3a114242b63b7e71f9a4bf93867a65cd4d2347c4a1be3bd84ca0331790d84b45fa9a735e348619532fc0ec1ee0bf

Download Submit