5f892f4bdd30c6ddac81c48aa74e8c1a07a0f1fae6857af0665602cd1dc547f9

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 17:52

Target

1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe
Size

553KB
MD5

1bf236c9814da5fa2732673fc8eaacb9
SHA1

e2b388b3072f623735bca7e3f41e296a093efd5a
SHA256

5f892f4bdd30c6ddac81c48aa74e8c1a07a0f1fae6857af0665602cd1dc547f9
SHA512

753697d61db8cbecf3cb38b97a5a95c823a797e8431fa4ee1c47f4043cb70c4dede23b0dae7bec35bc5b0a57781bc43d8172f806893bcf675c291c53e4daac03
SSDEEP

12288:7F6K/qyc1UoTqo3FYOlJg6kTD7L1XbcaGOiLNEhXhc:BFiRCwqc1lJYTD7LnGOiSA

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1912	sxe20EB.tmp

Loads dropped DLL 3 IoCs

pid	Process
2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe
2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe
2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 1912	2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe	28
PID 2740 wrote to memory of 1912	2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe	28
PID 2740 wrote to memory of 1912	2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe	28
PID 2740 wrote to memory of 1912	2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe	28
PID 2740 wrote to memory of 1912	2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe	28
PID 2740 wrote to memory of 1912	2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe	28
PID 2740 wrote to memory of 1912	2740	1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1bf236c9814da5fa2732673fc8eaacb9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\sxe20EB.tmp
  "C:\Users\Admin\AppData\Local\Temp\sxe20EB.tmp"
  2⤵
  - Executes dropped EXE
  PID:1912

\Users\Admin\AppData\Local\Temp\sxe20D9.tmp

Filesize
15KB

MD5
bd815b61f9948f93aface4033fbb4423

SHA1
b5391484009b39053fc8b1bba63d444969bafcfa

SHA256
b018bf9e9f8b6d945e6a2a25984970634884afabc580af2b4e855730520d5d76

SHA512
a363abe97b5a44e5d36af859e8d484daffe1d8e321c87969a75d1bfaa4288a5e6be1922a02c6d72937c84e81a79a1c7f6c9f2a44a995cac3f993ed5608afcd71

Download Submit
\Users\Admin\AppData\Local\Temp\sxe20EB.tmp

Filesize
967KB

MD5
ea8bd562b3c7f913cc6aa25c4ef5fd5b

SHA1
94d712227c29034cc7ce577c650bb821aff5f4ac

SHA256
57f2db6227f01733e4603a18e38a64fdfef399ac511e814203d50563fefa303e

SHA512
68f924e35ffcfaffdcdd39b694fd756ffde9ed1aa5d308898a76cec5113f355239f1694a9e5076659685513f9cdc92564e47f21e57112eb3d87b6692c477b7bc

Download Submit
memory/1912-16-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download