0a415648c78887e2afde72761e5f54cc276918a3dc9be606f765e777d5298a60

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 09:21

Target

04ae702d1560b4f176fa8c6dfaf622ca_JaffaCakes118.exe
Size

381KB
MD5

04ae702d1560b4f176fa8c6dfaf622ca
SHA1

e1600874b06f9c20c200e5680231e6487c7ba650
SHA256

0a415648c78887e2afde72761e5f54cc276918a3dc9be606f765e777d5298a60
SHA512

200b321da658749a148cfb54625442cdce35390d5d54ab9f9ffa1b69a119fad8a03b9617758e50b7e4196105c629b5b3f1f0bcf9478f66ba0d7a6c822da1bde4
SSDEEP

6144:xEdnEOr16I1RbHFbI8hhT24HzDE7GRAIgQm4+MCJlz/M:WdnEOrYIDrLq4HWI3m/FHz/M

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Config.ini	04ae702d1560b4f176fa8c6dfaf622ca_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 1784	2328	04ae702d1560b4f176fa8c6dfaf622ca_JaffaCakes118.exe	28
PID 2328 wrote to memory of 1784	2328	04ae702d1560b4f176fa8c6dfaf622ca_JaffaCakes118.exe	28
PID 2328 wrote to memory of 1784	2328	04ae702d1560b4f176fa8c6dfaf622ca_JaffaCakes118.exe	28
PID 2328 wrote to memory of 1784	2328	04ae702d1560b4f176fa8c6dfaf622ca_JaffaCakes118.exe	28

C:\Windows\tempbat.bat

Filesize
786B

MD5
6f5992a31e5efa68e11df0602ce1bb3e

SHA1
49b5054480afd415a837aec386215a3e08d7cf56

SHA256
791ed61673f95086f28dca588ed8ffd101e572001380ca5b85dbcd63d24e9693

SHA512
790edc29b73c615ff5040311a380d8c7c5507505d90b944ac4bb22ead060d4d3d1a74194f3e0b3a830d255ccfd47560a96451d29124bd7639193c75b7be0dcb9

Download Submit
memory/1784-21-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2328-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2328-29-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download