fb8be1dec1823c8d04e10ea5bf2905b6ec2d2f20bb069421c0e059dc44dcc8f9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 08:10

Target

fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe
Size

1.0MB
MD5

fc4fae8fe83eeb4385e27f3fa1d4cf93
SHA1

573e8a6b5de8768fd495747f33f0d82e4a7d25b9
SHA256

fb8be1dec1823c8d04e10ea5bf2905b6ec2d2f20bb069421c0e059dc44dcc8f9
SHA512

5fc830e38574b150020edc54c34babe86aaf888f948d385ae3a6ef7f831c8e1674e36bacafee77f4f3cc6f9121444a35f618406c4f4c1713c70554072f5fe190
SSDEEP

24576:dgdhhQGGnnazLpj4VHogiuG/EVeJGQGv0HDZPNq2:dqgazxcGkegQGMFw2

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1928	egv.exe

Loads dropped DLL 1 IoCs

pid	Process
2228	fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mz\egv.exe	fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1928	2228	fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe	28
PID 2228 wrote to memory of 1928	2228	fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe	28
PID 2228 wrote to memory of 1928	2228	fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe	28
PID 2228 wrote to memory of 1928	2228	fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fc4fae8fe83eeb4385e27f3fa1d4cf93_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\mz\egv.exe
  "C:\Program Files (x86)\mz\egv.exe"
  2⤵
  - Executes dropped EXE
  PID:1928

C:\Program Files (x86)\mz\egv.exe

Filesize
1.0MB

MD5
e2b2ffc60d01915c7909b55fe198da78

SHA1
e7624fdc062ac9fdf5285507da86204518cdd142

SHA256
d15efce887e9a3d43fa5e467903c72d783435ba8dcd22f7ba51c92f049e3a3ee

SHA512
3a239c9ddf878d2ad08564e9157c64f7ba622ce769353e5a9c5e67b6f47736d7fea58ea77a96d2e542ad3f84e450fb288e538e19aa0147587ec4c93e41292fde

Download Submit
memory/1928-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2228-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download