12a816d73d08047e4fcc391c88a6091b02dbf57869def82fd5893e9dd88253fa

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 05:16

Target

8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe
Size

791KB
MD5

8d00b2b1d9819aaff73bd216ec970f99
SHA1

a05d53fd31769d0590314de95ac4313244b5a524
SHA256

12a816d73d08047e4fcc391c88a6091b02dbf57869def82fd5893e9dd88253fa
SHA512

133e3aab6830f40428375e3290809b5507d572c03abe4b3f0e791ae337e43287f3b1a59fcf78497ab7a90babea4c283575b1907fde3e90da3550e0a8f2a9eb58
SSDEEP

24576:uP7InSH/WKqBudW9e3/kfIZZOWSupx5AX9XmXI+xtT:uDOO/Wbr9Y/DyGrAXxuDT

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2084	8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.tmp

Loads dropped DLL 1 IoCs

pid	Process
2804	8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2084	2804	8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe	28
PID 2804 wrote to memory of 2084	2804	8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe	28
PID 2804 wrote to memory of 2084	2804	8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe	28
PID 2804 wrote to memory of 2084	2804	8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Users\Admin\AppData\Local\Temp\is-DRMDR.tmp\8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DRMDR.tmp\8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.tmp" /SL5="$7011E,762151,56832,C:\Users\Admin\AppData\Local\Temp\8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  PID:2084

\Users\Admin\AppData\Local\Temp\is-DRMDR.tmp\8d00b2b1d9819aaff73bd216ec970f99_JaffaCakes118.tmp

Filesize
56KB

MD5
1ca2e27e3438845dd045f66fd1822d0d

SHA1
7de4c3b20981bb407b65ca453b8a3dc64672d9cb

SHA256
01958648d0deaf9ae456a3022836dc9143f373ada8797176b74f30520d7ea7e6

SHA512
5e3848630017f111be24a09b69920537a84a6cc57e148ab94637c04e7eb6e17d9215006e69ba106d63866a10d8773fb041215b39c877387ac6f75653edbbaa85

Download Submit
memory/2804-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2804-3-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2804-8-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download