235400db0c44cded82c99e87c7504005985f223aa777388325a38255134f2276

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 15:48

Target

3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe
Size

796KB
MD5

3ae226316a769020947aaa7dbbfe8e86
SHA1

3e8502ab58ed7dc523a68b43db3474f44d0625ce
SHA256

235400db0c44cded82c99e87c7504005985f223aa777388325a38255134f2276
SHA512

62dda5586d71816f571b42b28009079ada217b033811df54b35975c7478ca6d75cbaa861421f0c864c1b12db3ab965fb96015f3bc772a10775f7ac4068223c6a
SSDEEP

12288:wszx/K5ElQDIjNQOe9QkOPOvw0OoYhBhbNvAO+3lZC4E5YRVAKUeIV:L9/DOTNO2vJQB7ADlZC4KY8V

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 380	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	28
PID 1540 wrote to memory of 380	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	28
PID 1540 wrote to memory of 380	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	28
PID 1540 wrote to memory of 380	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	28
PID 1540 wrote to memory of 2936	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	29
PID 1540 wrote to memory of 2936	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	29
PID 1540 wrote to memory of 2936	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	29
PID 1540 wrote to memory of 2936	1540	3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Users\Admin\AppData\Local\Temp\3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe
  start
  2⤵
  PID:380
- C:\Users\Admin\AppData\Local\Temp\3ae226316a769020947aaa7dbbfe8e86_JaffaCakes118.exe
  watch
  2⤵
  PID:2936

memory/380-6-0x0000000005000000-0x0000000005069000-memory.dmp

Filesize
420KB

Download
memory/380-7-0x0000000000560000-0x00000000005A0000-memory.dmp

Filesize
256KB

Download
memory/380-9-0x0000000005000000-0x0000000005069000-memory.dmp

Filesize
420KB

Download
memory/1540-0-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/1540-3-0x0000000000555000-0x000000000058D000-memory.dmp

Filesize
224KB

Download
memory/1540-2-0x0000000005000000-0x0000000005069000-memory.dmp

Filesize
420KB

Download
memory/2936-5-0x0000000000230000-0x0000000000270000-memory.dmp

Filesize
256KB

Download
memory/2936-4-0x0000000005000000-0x0000000005069000-memory.dmp

Filesize
420KB

Download
memory/2936-11-0x0000000005000000-0x0000000005069000-memory.dmp

Filesize
420KB

Download