8f966abbdae0232750fc6bc15ef89427d614b11723ee98d422a856feff7af042

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 22:37

Target

17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe
Size

15KB
MD5

17c9376f15e8fabb93093090c7373d51
SHA1

cc8263d1068a44867cb244e806115fbe5a85157e
SHA256

8f966abbdae0232750fc6bc15ef89427d614b11723ee98d422a856feff7af042
SHA512

eca7cb986a22624e9cdf050b792493cb4972306315a42f485d574a35e554b9d6b5e5e2210bb64ab7974de84a415234bd55712640dba9f15fd0fca54bed59eade
SSDEEP

384:QUBBgGVs+vyv69AtJ7Ebu+VMx5d7sB3dt:fr/VniLxx5FC3

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2072	17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2072	17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2576	2072	17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe	28
PID 2072 wrote to memory of 2576	2072	17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe	28
PID 2072 wrote to memory of 2576	2072	17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe	28
PID 2072 wrote to memory of 2576	2072	17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\17c9376f15e8fabb93093090c7373d51_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\Temp\cleaf764ecc.dll"
  2⤵
  PID:2576

C:\Users\Admin\AppData\Local\Temp\cleaf764ecc.dll

Filesize
15KB

MD5
2d7cabc37907d31a2dbeb2110a8aeb29

SHA1
e0ec267553c8717165f4e5c9cc212c87caa77186

SHA256
cb418947f0ba0843940c057559f7a2ea162b8f3453893c505ef81583ec68a100

SHA512
2c9f693241d4dac953361406c2a65966c9d29aa59bff58664c2700c6223bbb6ab6a7f6fb89efc6e6aa860e4bd1d5f9d700c0afe09500e6284a9ef40e0ad5ddb0

Download Submit
memory/2072-0-0x0000000000400000-0x0000000000406400-memory.dmp

Filesize
25KB

Download
memory/2072-3-0x0000000000020000-0x0000000000027000-memory.dmp

Filesize
28KB

Download
memory/2072-2-0x0000000000400000-0x0000000000406400-memory.dmp

Filesize
25KB

Download
memory/2072-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2072-11-0x0000000000020000-0x0000000000027000-memory.dmp

Filesize
28KB

Download
memory/2072-15-0x0000000000020000-0x0000000000027000-memory.dmp

Filesize
28KB

Download
memory/2576-4-0x0000000000400000-0x0000000000406400-memory.dmp

Filesize
25KB

Download
memory/2576-7-0x0000000000400000-0x0000000000406400-memory.dmp

Filesize
25KB

Download
memory/2576-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download