c1bdec6d7d8a5b2c221123ff2fd6f438b8f68d93a363ea91c6846a667f77a98b

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 21:35

Target

264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe
Size

39KB
MD5

264ba1a55602eeeda3f235a92ebeae57
SHA1

20b56c2a183dbb96e99607c3e84173f0049c7de5
SHA256

c1bdec6d7d8a5b2c221123ff2fd6f438b8f68d93a363ea91c6846a667f77a98b
SHA512

c1bacfd8ea1f3a7c6d5692c3a670f298942d53e406febbdb4ea1dc76914875689fec2425e6acb2d50aaabbb4ba750ea42ca8d8be30407f3b924c91f6840e0513
SSDEEP

768:lJSzGYd8Y5tBSnQxm6WK/SiuhmEKq1PH3nfp:lj8bBKQxm6WhR7Kq1PXfp

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2448	tmp.exe

Loads dropped DLL 2 IoCs

pid	Process
2476	264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe
2476	264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2476	264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2448	2476	264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe	28
PID 2476 wrote to memory of 2448	2476	264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe	28
PID 2476 wrote to memory of 2448	2476	264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe	28
PID 2476 wrote to memory of 2448	2476	264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\264ba1a55602eeeda3f235a92ebeae57_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  C:\Users\Admin\AppData\Local\Temp\tmp.exe
  2⤵
  - Executes dropped EXE
  PID:2448

\Users\Admin\AppData\Local\Temp\tmp.exe

Filesize
15KB

MD5
157dfa1cd66b0df943184fbf10578556

SHA1
974ff43ef946f838773fedfb510fde161994cc49

SHA256
c24cfaf56c26b2a6ff2c0a3ed9aafb763e74578156281a09466d7baf458cc5a8

SHA512
d8c0a7d70a9060bc9dd2097e849e60a475cfcecd39f39d955e88b2f2dbef04eb47b382675cb9831d2034ff76b06190155ce09df8c249bc2b16c9bf436c4d3869

Download Submit
memory/2448-12-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2448-13-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2476-10-0x0000000000250000-0x000000000025C000-memory.dmp

Filesize
48KB

Download
memory/2476-9-0x0000000000250000-0x000000000025C000-memory.dmp

Filesize
48KB

Download