a02b015c595ee92aa45ca9e47ca14358a47d36d3ed394408c5b1690daa44aa83

Analysis

max time kernel
134s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 13:50

Target

1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
Size

1.1MB
MD5

1b8a7388c57cc01a6a04f4d4b0e1831b
SHA1

2de1b718adae93f11c2df36abacc68a9c8c5d09f
SHA256

a02b015c595ee92aa45ca9e47ca14358a47d36d3ed394408c5b1690daa44aa83
SHA512

38184e169fd2bc2e2e4af777a7b1fbf3f6adc7d391767412f6a7f147d7423f33edc72a6e63311b8d9c9f92fb8c593c8892c20da5301345cffda30a8fd348f86f
SSDEEP

1536:s3iBemo5PK+dTGq5X0u8iQHp1b48weg0GwMzQrzoN7xcncFlFSmm:bsFPVr59HqTM8Fg0GkcNanc/FSmm

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
2796	MsSvc32.exe
2372	MsSvc32.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WinSvc32	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32	MsSvc32.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	MsSvc32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1108	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
1108	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
2796	MsSvc32.exe
2796	MsSvc32.exe
2372	MsSvc32.exe
2372	MsSvc32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2796	1108	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe	94
PID 1108 wrote to memory of 2796	1108	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe	94
PID 1108 wrote to memory of 2796	1108	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe	94
PID 2796 wrote to memory of 2372	2796	MsSvc32.exe	95
PID 2796 wrote to memory of 2372	2796	MsSvc32.exe	95
PID 2796 wrote to memory of 2372	2796	MsSvc32.exe	95

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:876

C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe

Filesize
1.1MB

MD5
1b8a7388c57cc01a6a04f4d4b0e1831b

SHA1
2de1b718adae93f11c2df36abacc68a9c8c5d09f

SHA256
a02b015c595ee92aa45ca9e47ca14358a47d36d3ed394408c5b1690daa44aa83

SHA512
38184e169fd2bc2e2e4af777a7b1fbf3f6adc7d391767412f6a7f147d7423f33edc72a6e63311b8d9c9f92fb8c593c8892c20da5301345cffda30a8fd348f86f

Download Submit
memory/1108-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1108-1-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1108-8-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2372-13-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2796-11-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download