50950d53d3253f8aa3ce0b12761c2a7ab6f217cd11e0abe3f3201c154cb2c4a7

Analysis

max time kernel
141s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 18:46

Target

1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.exe
Size

3.1MB
MD5

1403d87753dcc7faf698eb8c3b610927
SHA1

b3ec37132abdc3c1dd9d186fd0bbd96853aa920b
SHA256

50950d53d3253f8aa3ce0b12761c2a7ab6f217cd11e0abe3f3201c154cb2c4a7
SHA512

1c2144a73704cbd21ea3728ad809143b80021568b2cef1fd6aa466c1b1ac5e16d3c69db58ba5f292ef3fde4580219d1a9fc79421802929cc302db2f79949d144
SSDEEP

49152:r24wsXV3YKPHieAp0vVbk3nEFUlS/x9ye/R2K88Rn06M47kOp2dsC/8Nkk+FnxJP:q4Dl3jPHFAWN/9NQr+VMIkOpPWk0nnP

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2800	1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2800	1544	1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.exe	84
PID 1544 wrote to memory of 2800	1544	1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.exe	84
PID 1544 wrote to memory of 2800	1544	1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\is-QEGPU.tmp\1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QEGPU.tmp\1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.tmp" /SL5="$7006A,2977471,84480,C:\Users\Admin\AppData\Local\Temp\1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  PID:2800

C:\Users\Admin\AppData\Local\Temp\is-QEGPU.tmp\1403d87753dcc7faf698eb8c3b610927_JaffaCakes118.tmp

Filesize
694KB

MD5
943dec64dd704964d5cda2029284d9c0

SHA1
914ca8a04c07561ee6f77378d07999b31289529f

SHA256
c7ef3efffb4d88c152fdb2a6a7102cd9e5867e35dd65b9fc904940fc7b742982

SHA512
e2b8cb12375edef683dbdf4231b83b03f23787c4659de81a0f9a47e98177e3a8a874c2da00f9eabef4783dcd9ae4376896da41b7205d1fdb0d8ac22fc0e51031

Download Submit
memory/1544-0-0x00000000021A0000-0x000000000244F000-memory.dmp

Filesize
2.7MB

Download
memory/1544-1-0x0000000002450000-0x00000000026FE000-memory.dmp

Filesize
2.7MB

Download
memory/1544-2-0x0000000002700000-0x00000000029AE000-memory.dmp

Filesize
2.7MB

Download
memory/1544-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1544-10-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/1544-19-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2800-14-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2800-20-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download