ce4ce67dac6253d2463c647d2f6e551faafc8417988ab99ea9fab0247cf10d56

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 11:43

Target

084fdf942b017dc68177960f75c34bc0_JaffaCakes118.exe
Size

579KB
MD5

084fdf942b017dc68177960f75c34bc0
SHA1

49bcad199b4e526b46c20ce660d56490bed96a53
SHA256

ce4ce67dac6253d2463c647d2f6e551faafc8417988ab99ea9fab0247cf10d56
SHA512

e4ff73375d76d2e05611d46861e4727de288272b50d2c4eb523bfc0767380832efbbf1ccda90006fff413cfc30e5f1869618ad381c59a1d3f5d9fe0f156c22c4
SSDEEP

12288:Rh/Q2tCRxdrD+mlvP/veVabODrm7lglQbaiUqG3hTu:P/Q2texdr5vP/vRju+Qs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2944	2412	084fdf942b017dc68177960f75c34bc0_JaffaCakes118.exe	28
PID 2412 wrote to memory of 2944	2412	084fdf942b017dc68177960f75c34bc0_JaffaCakes118.exe	28
PID 2412 wrote to memory of 2944	2412	084fdf942b017dc68177960f75c34bc0_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\084fdf942b017dc68177960f75c34bc0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\084fdf942b017dc68177960f75c34bc0_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 424
  2⤵
  PID:2944

memory/2412-0-0x000007FEF5EFE000-0x000007FEF5EFF000-memory.dmp

Filesize
4KB

Download
memory/2412-1-0x000007FEF5C40000-0x000007FEF65DD000-memory.dmp

Filesize
9.6MB

Download
memory/2412-2-0x000007FEF5C40000-0x000007FEF65DD000-memory.dmp

Filesize
9.6MB

Download
memory/2412-4-0x000007FEF5C40000-0x000007FEF65DD000-memory.dmp

Filesize
9.6MB

Download
memory/2944-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download