b1ebdd1e1d490919894d339d4d512ef25f382d18a77557fd28785ef4fcd2afdd

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 20:01

Target

882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe
Size

436KB
MD5

882e2c2b51650e2fec7529ae437fc3a5
SHA1

5abc069eaf62469f4032e0cdf46efcc1b1a61fe0
SHA256

b1ebdd1e1d490919894d339d4d512ef25f382d18a77557fd28785ef4fcd2afdd
SHA512

0ebbb91c318642189d65ca3fcac8565dbed80cd030af801aa1b129e3380b0441bdcba42abc5c1c90b23f3637a223718ee548e1da350427d25cdaa2653ce5bc33
SSDEEP

12288:NSwD3oXqDZY8Ah9YNQK20hjrmDfcX63iuO9SdqED8fAmYkZe3K0+6Q3tnf39yo1y:MEF2

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe

pid process

2660 883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe
Loads dropped DLL 1 IoCs

Processes:

882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe

pid process

2480 882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe

pid	process
2660	883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe

pid	process
2480	882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe

description	pid	process	target process
PID 2480 wrote to memory of 2660	2480	882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe	883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe
PID 2480 wrote to memory of 2660	2480	882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe	883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe
PID 2480 wrote to memory of 2660	2480	882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe	883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe
PID 2480 wrote to memory of 2660	2480	882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118.exe	883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe

C:\Users\Admin\AppData\Roaming\localservice\883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe
C:\Users\Admin\AppData\Roaming\localservice\883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe
2⤵
- Executes dropped EXE
PID:2660

\Users\Admin\AppData\Roaming\localservice\883f3c3b62660f3gfc7639af547gc4a6_JaggaCalfs228.exe

Filesize
436KB

MD5
882e2c2b51650e2fec7529ae437fc3a5

SHA1
5abc069eaf62469f4032e0cdf46efcc1b1a61fe0

SHA256
b1ebdd1e1d490919894d339d4d512ef25f382d18a77557fd28785ef4fcd2afdd

SHA512
0ebbb91c318642189d65ca3fcac8565dbed80cd030af801aa1b129e3380b0441bdcba42abc5c1c90b23f3637a223718ee548e1da350427d25cdaa2653ce5bc33

Download Submit
memory/2480-1-0x0000000004000000-0x0000000004070000-memory.dmp

Filesize
448KB

Download
memory/2480-0-0x000000000403F000-0x0000000004040000-memory.dmp

Filesize
4KB

Download
memory/2480-2-0x0000000000370000-0x00000000003AC000-memory.dmp

Filesize
240KB

Download
memory/2660-11-0x0000000004000000-0x0000000004070000-memory.dmp

Filesize
448KB

Download
memory/2660-13-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download