edf81c39464c0457ed5192c2d2d6d878a3400be3c2f82fa9596e84429bd76330

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 11:28

Target

ff2d6538172a974a201360389d7376e1_JaffaCakes118.exe
Size

1021KB
MD5

ff2d6538172a974a201360389d7376e1
SHA1

eb0854db8d267c433c719c78c9f24cc33f120cbb
SHA256

edf81c39464c0457ed5192c2d2d6d878a3400be3c2f82fa9596e84429bd76330
SHA512

53adb3fe083d6c4d42dc8b98d75fa15a5db4342724247c99c8310786ecca0c07c56db869cd9dee6a90281b65840bb012bb5dff0f3b13492795b2a405b6783832
SSDEEP

24576:7zXKqa8SEijjC+37u9BEqxt5VUsftMQtadUkf02LUvHL/eG5QF3i2M3RntGc+v:7z6qaakjC+3aNxJU2Xtadhf0wiyJ5QnC

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
5048	qxshjpmc.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\rfamaffmg\qxshjpmc.exe	ff2d6538172a974a201360389d7376e1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 5048	3452	ff2d6538172a974a201360389d7376e1_JaffaCakes118.exe	91
PID 3452 wrote to memory of 5048	3452	ff2d6538172a974a201360389d7376e1_JaffaCakes118.exe	91
PID 3452 wrote to memory of 5048	3452	ff2d6538172a974a201360389d7376e1_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\ff2d6538172a974a201360389d7376e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff2d6538172a974a201360389d7376e1_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\rfamaffmg\qxshjpmc.exe
  "C:\Program Files (x86)\rfamaffmg\qxshjpmc.exe"
  2⤵
  - Executes dropped EXE
  PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:3160

C:\Program Files (x86)\rfamaffmg\qxshjpmc.exe

Filesize
1.0MB

MD5
a3f360b22a84a152f60adea7e696abf2

SHA1
9c5b90e87b0873998c55a823baa1da1323b5a256

SHA256
9bea1f390f0ddc7ff013b9e31801fa779ee8cc8148c3dac6fb5d4955e6196d67

SHA512
63cec2fcc1d6e523be4e4342bc74517ad7a816fed8cb3a8d1239766213658ca34867f35d3c726ebc3afd38a97ee4c802cc4a94223c23fa8fa9f045d4219db557

Download Submit
memory/3452-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3452-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3452-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5048-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5048-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download