ca46a1b0778c2f3a06c1ec8b6870c1983e9caa9a52ed3e5a4faa3f38f1ea05df

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 17:58

Target

16f48814678483bc9a25b8e1f85e8afd_JaffaCakes118.exe
Size

1.5MB
MD5

16f48814678483bc9a25b8e1f85e8afd
SHA1

1ce2436ea469b915d3de03692644e50febd4671a
SHA256

ca46a1b0778c2f3a06c1ec8b6870c1983e9caa9a52ed3e5a4faa3f38f1ea05df
SHA512

8061f352b953349bc037d534b9901bda13b54eb238bc3c311fe52185fad536a7d8720a6b68276a8aa9b9258464ffcf72547c49821398560685498e993493c174
SSDEEP

24576:stH/MYB2AfNKfbedtalkMdCMHzQMPIwYJLRqthKFz6FE4aS1WjR4v:mMmkDo/cCW9L6LRqthSqv

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2556	explorep.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\explorep.exe	16f48814678483bc9a25b8e1f85e8afd_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2556	2932	16f48814678483bc9a25b8e1f85e8afd_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2556	2932	16f48814678483bc9a25b8e1f85e8afd_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2556	2932	16f48814678483bc9a25b8e1f85e8afd_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2556	2932	16f48814678483bc9a25b8e1f85e8afd_JaffaCakes118.exe	28

C:\Windows\explorep.exe

Filesize
952KB

MD5
cccce53070587ca7529c7faaa3c668aa

SHA1
01329eabb79ddad8204ffacd3bcd569f055c733f

SHA256
56a962ab0d435f1ebf057959ff89e9e72456315f7427ef072ce3c8ad181161ae

SHA512
405b2131cc421700a6feca2319d53622fe131711d9973da29feafb8da956ef3d4e613f70aa240f6277d1c43abc2de53e5e492e691f7ffbe9bd83d67d90248410

Download Submit