1464e03e65d329fc8698704255924de2c3fb42dcd0f25901cd85bc7d4d50248a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 05:11

Target

386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe
Size

589KB
MD5

386d9a648e5600d46548bae0a66a69e7
SHA1

6bbcba92aa988c90979d8fc682b203fdd19406f8
SHA256

1464e03e65d329fc8698704255924de2c3fb42dcd0f25901cd85bc7d4d50248a
SHA512

6f7a12b8b51e6381fd06e9dee3dcafcd4c3f0d8dedce72d49e07c89ff89cf6d0df4531d8f15bd8b17152b4a0665df5bb50aa1b2347f2a8bf28a5832cc8c3b642
SSDEEP

6144:tfc2iij7GqfY+CG78PT/j83cI6Cj2GKfA7tAKsKSrZyPd4MY41bMUzMD5qPPMEGv:tfLi25Y+z7Cw3WCj2GC64KSrZyymL9Uv

Score

1^/10

Suspicious use of UnmapMainImage 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2724	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	28
PID 2592 wrote to memory of 2724	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	28
PID 2592 wrote to memory of 2724	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	28
PID 2592 wrote to memory of 2724	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	28
PID 2592 wrote to memory of 2780	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	29
PID 2592 wrote to memory of 2780	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	29
PID 2592 wrote to memory of 2780	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	29
PID 2592 wrote to memory of 2780	2592	386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Users\Admin\AppData\Local\Temp\386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2724
- C:\Users\Admin\AppData\Local\Temp\386d9a648e5600d46548bae0a66a69e7_JaffaCakes118.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2780

memory/2592-0-0x0000000000230000-0x000000000024F000-memory.dmp

Filesize
124KB

Download
memory/2592-2-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/2724-3-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/2724-5-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/2780-4-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/2780-6-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download