0501c0f909599d5c6e3cd59c1082ae068b4d0e54ec383beec1ed87cd34bd7e05

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 17:11

Target

ffc3d699e73c8ead944333e45c7555a0_JaffaCakes118.exe
Size

239KB
MD5

ffc3d699e73c8ead944333e45c7555a0
SHA1

cbc5a1603377e467d3d62a9b4080d07f084d91b6
SHA256

0501c0f909599d5c6e3cd59c1082ae068b4d0e54ec383beec1ed87cd34bd7e05
SHA512

053ecfa1562cf95c2287a3dda12b896e88938dd9e1f3bcc99a2981f39a3c2aac3e82fe28edacab00414f007a5bfff9d0911aba0aea6c7374e80a289b82f50d70
SSDEEP

3072:DdiH3nmta1sGq5zJ7yORuqrb5MquF0sSv80st3KxL8PiLy60sye/UNcxqUATKNee:DdiMa6HenqiqQ3cATKE3Bxgi3e

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2872	1912	ffc3d699e73c8ead944333e45c7555a0_JaffaCakes118.exe	29
PID 1912 wrote to memory of 2872	1912	ffc3d699e73c8ead944333e45c7555a0_JaffaCakes118.exe	29
PID 1912 wrote to memory of 2872	1912	ffc3d699e73c8ead944333e45c7555a0_JaffaCakes118.exe	29
PID 1912 wrote to memory of 2872	1912	ffc3d699e73c8ead944333e45c7555a0_JaffaCakes118.exe	29
PID 2872 wrote to memory of 2516	2872	notepad.exe	30
PID 2872 wrote to memory of 2516	2872	notepad.exe	30
PID 2872 wrote to memory of 2516	2872	notepad.exe	30

C:\Users\Admin\AppData\Local\Temp\ffc3d699e73c8ead944333e45c7555a0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ffc3d699e73c8ead944333e45c7555a0_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\system32\notepad.exe
  notepad.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Windows\system32\cmd.exe
    cmd
    3⤵
    PID:2516

memory/1912-2-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2872-0-0x0000000000060000-0x0000000000065000-memory.dmp

Filesize
20KB

Download
memory/2872-1-0x0000000000060000-0x0000000000065000-memory.dmp

Filesize
20KB

Download
memory/2872-3-0x0000000000060000-0x0000000000065000-memory.dmp

Filesize
20KB

Download