87ddbd9b7f2ae18e3c18ce6dade96e537d5d329426069d168d654a7d49485a3f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 01:00

Target

01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe
Size

13KB
MD5

01938d3aa009944eb199ba0373bab287
SHA1

4218af5716cf73d69496384280019f3842467896
SHA256

87ddbd9b7f2ae18e3c18ce6dade96e537d5d329426069d168d654a7d49485a3f
SHA512

71bd1e293978f6b092c438f68f8ac04baf5e49c43e93711a8ea25bdb6865125ab0182e5c2104111d96b17ec170c23cc3390edb41663ffb2dfbcd53d0f8cbb9ee
SSDEEP

384:Nlgn1I4uPAr6KB2AJYg/MCb0pjWXDc5LfwOD:bgni4SSJ1ECIpjeQd/D

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1080	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1080	2304	01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe	28
PID 2304 wrote to memory of 1080	2304	01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe	28
PID 2304 wrote to memory of 1080	2304	01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe	28
PID 2304 wrote to memory of 1080	2304	01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\01938d3aa009944eb199ba0373bab287_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  PID:1080

memory/2304-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2304-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2304-1-0x000000000040F000-0x0000000000410000-memory.dmp

Filesize
4KB

Download
memory/2304-4-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download