e688a72b6db3c581fe19552ff1de5ae3fdd7294024c7c441d24edc6fede69e1c

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 15:14

Target

af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe
Size

552KB
MD5

af09db478f1022171c9ecc8ac97fcb60
SHA1

da7ff0c2beb047706912e9fb3670dea99955eaa9
SHA256

e688a72b6db3c581fe19552ff1de5ae3fdd7294024c7c441d24edc6fede69e1c
SHA512

c4c6de7b85510fb5fa2c56ff04fe618a0a0407860d782e9c2e668f5f5b434f41e43be541846ba575b95ac57d72e3f424ef703079ce090f4bb569106f72dcd53f
SSDEEP

12288:gwpAv13h/zf0u8IaLMnW5H+WFudD6Hj0F:d+LzSLLaWjj0F

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3000	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	28
PID 2984 wrote to memory of 3000	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	28
PID 2984 wrote to memory of 3000	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	28
PID 2984 wrote to memory of 3000	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	28
PID 2984 wrote to memory of 2040	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	29
PID 2984 wrote to memory of 2040	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	29
PID 2984 wrote to memory of 2040	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	29
PID 2984 wrote to memory of 2040	2984	af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Local\Temp\af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe
  start
  2⤵
  PID:3000
- C:\Users\Admin\AppData\Local\Temp\af09db478f1022171c9ecc8ac97fcb60_JaffaCakes118.exe
  watch
  2⤵
  PID:2040

memory/2040-6-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2040-5-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2984-3-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2984-1-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2984-0-0x0000000000472000-0x0000000000475000-memory.dmp

Filesize
12KB

Download
memory/2984-9-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3000-4-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3000-7-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download