223050e18bf7faeb473e44b1deeeb0700356c28b94608cc4d2392c6d1fda7fe9

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 08:25

Target

40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe
Size

532KB
MD5

40d799b5e2be2e4da2ac46f59120ae42
SHA1

3ce63ffec3caa1031e63b3aeeeb05262e0a110c6
SHA256

223050e18bf7faeb473e44b1deeeb0700356c28b94608cc4d2392c6d1fda7fe9
SHA512

d360b5fa092da877b6387af3144fa79406cc9081f2d86d38e0617144785faafd2f7a378e3901b821068eb77d9e19fff4f64a43ea4853963665556ed87f1f0b9c
SSDEEP

6144:v1wWhTirydGp5m+DGxyaRNZy/3yRy5CKK4+/JR1eQ3x2CJIIuThsz8fyaM/uYM6X:v1n/Epdw0fyRy0BxbB2YIIuThsoaZX

Score

1^/10

Suspicious use of UnmapMainImage 3 IoCs

pid	Process
4708	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe
3036	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe
5008	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 3036	4708	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe	87
PID 4708 wrote to memory of 3036	4708	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe	87
PID 4708 wrote to memory of 3036	4708	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe	87
PID 4708 wrote to memory of 5008	4708	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe	88
PID 4708 wrote to memory of 5008	4708	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe	88
PID 4708 wrote to memory of 5008	4708	40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Users\Admin\AppData\Local\Temp\40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:3036
- C:\Users\Admin\AppData\Local\Temp\40d799b5e2be2e4da2ac46f59120ae42_JaffaCakes118.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:5008

memory/3036-2-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/3036-4-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4708-0-0x00000000004A0000-0x00000000004B0000-memory.dmp

Filesize
64KB

Download
memory/4708-1-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/5008-3-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/5008-5-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download