c2b0231b862a7fd8ec259b26f761c2cff793024ebd1ecc36684426e621f84af1

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 17:29

Target

1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe
Size

647KB
MD5

1be0cd6c65314efe6e7604a83e25361a
SHA1

9ff82e1c5740a40c5f2558cdc04a21a97375dde5
SHA256

c2b0231b862a7fd8ec259b26f761c2cff793024ebd1ecc36684426e621f84af1
SHA512

4009c492d17e1a035ece3ec78b1ccb59e8be6734c54b53c2d8d6fd42598f8ad34cc7c8fd84dd50994de27bc15588ab5ecff42064bf0bdc892bb6b7a8d09e36cc
SSDEEP

12288:WdU0BFtvsPUkGXgDkmBxAJmKVg8zThh6XQ17+XUA8fTqyN:OVXtyLGwDJkJxVVzXII7+B8fTq

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2584	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2168	G_Server2007.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\G_Server2007.exe	1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe
File opened for modification	C:\Windows\G_Server2007.exe	1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe
File created	C:\Windows\G_Server2007.DLL	G_Server2007.exe
File created	C:\Windows\RAV2007.BAT	1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2584	1868	1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe	29
PID 1868 wrote to memory of 2584	1868	1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe	29
PID 1868 wrote to memory of 2584	1868	1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe	29
PID 1868 wrote to memory of 2584	1868	1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1be0cd6c65314efe6e7604a83e25361a_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\RAV2007.BAT
  2⤵
  - Deletes itself
  PID:2584

C:\Windows\G_Server2007.exe

Filesize
647KB

MD5
1be0cd6c65314efe6e7604a83e25361a

SHA1
9ff82e1c5740a40c5f2558cdc04a21a97375dde5

SHA256
c2b0231b862a7fd8ec259b26f761c2cff793024ebd1ecc36684426e621f84af1

SHA512
4009c492d17e1a035ece3ec78b1ccb59e8be6734c54b53c2d8d6fd42598f8ad34cc7c8fd84dd50994de27bc15588ab5ecff42064bf0bdc892bb6b7a8d09e36cc

Download Submit
C:\Windows\RAV2007.BAT

Filesize
218B

MD5
f599f27be0e05413567d8568440c6d68

SHA1
e52639b2bf80b896842d1201b2f9d684a87ca0a0

SHA256
44d83ef25c5620c3ca784defb2d9b7ede7966bdc410f80f7c89457647d686e0c

SHA512
51b4cec6c0880c853685d6d2573469b57d54ae7f989c0222f533536db5e9c3a83bd29368eb885aea07ac0503d473d1f549d215ff5d3197fce5d06478e0e4b2e9

Download Submit
memory/1868-11-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/2168-3-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download