c8898c91c35f56349046f75d11f425b6c21b2bf9e2637498a651657c1cb1ec9c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 10:00

Target

946ad5279f34c82ce0bc7e013dd7a57d_JaffaCakes118.exe
Size

6KB
MD5

946ad5279f34c82ce0bc7e013dd7a57d
SHA1

f6533544d35c64faff389d3ebbeb7cd19dacfa04
SHA256

c8898c91c35f56349046f75d11f425b6c21b2bf9e2637498a651657c1cb1ec9c
SHA512

3ac91a032f9168bc934e60049a7f5560152a0518efefdfcbd9a2eb14a217facfe231083fdec41ebcbe35b9492e04027c5cf262eb33b7d7c143f1b873a9c88102
SSDEEP

96:FxterBjCw3zfxfLDi7LL2kLnb9qLKLGoFdeJpJrepRr97oxzNt:FLUBjCwhLDmLL3Ln5qLKLP8pJrIr90T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2544	2388	946ad5279f34c82ce0bc7e013dd7a57d_JaffaCakes118.exe	28
PID 2388 wrote to memory of 2544	2388	946ad5279f34c82ce0bc7e013dd7a57d_JaffaCakes118.exe	28
PID 2388 wrote to memory of 2544	2388	946ad5279f34c82ce0bc7e013dd7a57d_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\946ad5279f34c82ce0bc7e013dd7a57d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\946ad5279f34c82ce0bc7e013dd7a57d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 760
  2⤵
  PID:2544

memory/2388-0-0x000007FEF5DCE000-0x000007FEF5DCF000-memory.dmp

Filesize
4KB

Download
memory/2388-1-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download
memory/2388-3-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download
memory/2544-2-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download