16cfebf8c1f9127a2e0ef078f279973d8ab408af9d0e99f7c6f9a07f1e728239

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 13:59

Target

fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
Size

8KB
MD5

fceb7dd8c689393582389866208cf6fe
SHA1

79cdea8594ca6d58161e008b22aae5f0c149e94d
SHA256

16cfebf8c1f9127a2e0ef078f279973d8ab408af9d0e99f7c6f9a07f1e728239
SHA512

01388fae7fe75d77dc7e3cc03aa7a09cb04164d65a4ef7ffe561c7587c42f62c7f5a8eaeaebf16f6d422fef39a6171322cbd819b04e45afd701928c8f02c9fef
SSDEEP

192:ybjmJpxbq1ecenPiyCLGHbjmJzXYWu8+M:ybyPxTXPiypHbytX/

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
2748	fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
2156	fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE

Loads dropped DLL 4 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 2748	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	29
PID 1284 wrote to memory of 2748	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	29
PID 1284 wrote to memory of 2748	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	29
PID 1284 wrote to memory of 2748	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	29
PID 1284 wrote to memory of 2156	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	30
PID 1284 wrote to memory of 2156	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	30
PID 1284 wrote to memory of 2156	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	30
PID 1284 wrote to memory of 2156	1284	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
  "C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
  "C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE"
  2⤵
  - Executes dropped EXE
  PID:2156

\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE

Filesize
8KB

MD5
ea0fd1d89d4aa3e52ca3f2a3936d5c90

SHA1
ebf8372fb21e6b6703a34c9f48b9493b9d0a75df

SHA256
a291cb0ab6ab78a72d36867118a6cfb9bc0e968a53d2c22f41cb721c419300b0

SHA512
3d422af7e7d9ba7b422af0662470cbdf1bcb399d0508e7b7ba10edaf97cbb539c09d567bf6d87a4377f2fb0945d80c9cbd0be4c0cf0dcf6ff244cf665bc49c58

Download Submit
\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE

Filesize
8KB

MD5
08b7fdc19e5b40345457d3f50acd6745

SHA1
90dfd55502d45ab097ed2f27e6b8a0827f23b777

SHA256
d2cc75c407531d02867cb910d72675b256f5e167f64c767d62da4c46c606a127

SHA512
205d548ea369328241dfd62de472037685c5a4cfcb6ea7dd30a28a4c7dbeae3b9e269d9a124bf846cd0cc420f4ade4498417423ebf962cc58c655f51f79621e1

Download Submit