9e1a6bd02e728555bbce91d5ad95016937c18458bd937d09abde77140dca6974

Analysis

max time kernel
140s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 19:59

Target

003d8680c9aebd46f75e3f4f1f909bae_JaffaCakes118.exe
Size

82KB
MD5

003d8680c9aebd46f75e3f4f1f909bae
SHA1

d79899fb7139bc78a965114ec42d686ea4fd8926
SHA256

9e1a6bd02e728555bbce91d5ad95016937c18458bd937d09abde77140dca6974
SHA512

0f234ace5b22e43eb94dc13b64618efbab6777238bf65d2bf5cb092e08c51c7313502855c0c57a209d4755384ad75b5c65432830e7364183639c222a7a874242
SSDEEP

1536:a/Oaen2TFXvWsFIQCOrbS7S82Cxw9Vc3WnEZBXLvTaTr9U10NM:1aen2JfWsFIVhK9SZBTuTr9pM

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1208	.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\.exe	003d8680c9aebd46f75e3f4f1f909bae_JaffaCakes118.exe
File created	C:\Windows\batch.bat	003d8680c9aebd46f75e3f4f1f909bae_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
704	003d8680c9aebd46f75e3f4f1f909bae_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 704 wrote to memory of 1208	704	003d8680c9aebd46f75e3f4f1f909bae_JaffaCakes118.exe	87
PID 704 wrote to memory of 1208	704	003d8680c9aebd46f75e3f4f1f909bae_JaffaCakes118.exe	87
PID 704 wrote to memory of 1208	704	003d8680c9aebd46f75e3f4f1f909bae_JaffaCakes118.exe	87
PID 1208 wrote to memory of 3356	1208	.exe	55
PID 1208 wrote to memory of 3356	1208	.exe	55
PID 1208 wrote to memory of 3356	1208	.exe	55
PID 1208 wrote to memory of 3356	1208	.exe	55
PID 1208 wrote to memory of 3356	1208	.exe	55
PID 1208 wrote to memory of 3356	1208	.exe	55

C:\Windows\.exe

Filesize
49KB

MD5
add3f1d7f5607955ae3ee747ca806e93

SHA1
8d6d266f1d33103395471189a6b5c79ce621ed92

SHA256
8c2c2d6395bb710394d007a3bdaa5646bfd78e23dac56194baa532aea6938f8b

SHA512
9a979a7132b4a80f30db3d622ff45edd355f976c41e4e643c85a291e54e02d5ecf2c84631c1e96d5de34963a480be6d3da10a10d703ef5888670fd541a822482

Download Submit
memory/1208-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1208-8-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1208-17-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1208-16-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3356-10-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/3356-12-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download