d4ce2e66d1b9bd1b5059d949e729c0584bfa3d76e51468a86c63ee8ef4551925

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 12:48

Target

6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe
Size

528KB
MD5

6e9296113901d15ec5a5158e69b70383
SHA1

d4fe207270e34ddf90fa8fbdea76416c2314cde8
SHA256

d4ce2e66d1b9bd1b5059d949e729c0584bfa3d76e51468a86c63ee8ef4551925
SHA512

c9a04c86e7ce47c490786d2f4a8aac9de606dad4453a26eb09cad363179754092a4889d2b5e661b761f36d40d794e2a83dd783fe00bd4ca6a920634584445394
SSDEEP

12288:cJHxxJgsTq7ckgb4czFfgu5iQcf0wh2DhqpnAToZWQmE:cJRxJbTqBu4eSQcf0wS8WQm

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1896	1832	6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe	28
PID 1832 wrote to memory of 1896	1832	6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe	28
PID 1832 wrote to memory of 1896	1832	6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe	28
PID 1832 wrote to memory of 1896	1832	6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\6e9296113901d15ec5a5158e69b70383_JaffaCakes118.exe
  tear
  2⤵
  PID:1896

memory/1832-0-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1832-1-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1832-3-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1896-4-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1896-5-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1896-6-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1896-7-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download