74bd838b53ac1140ceb57b98cfef93d39233a4a422b1839787fbfe00450edb1e

Analysis

max time kernel
149s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 16:54

Target

25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe
Size

289KB
MD5

25942fabfc0a5ba38535cfa01c9c68d3
SHA1

f5997437be794e150eeff612f3e6fbac80a79fc5
SHA256

74bd838b53ac1140ceb57b98cfef93d39233a4a422b1839787fbfe00450edb1e
SHA512

a906b1f776b1f81570bacb63eece559151573a5150c37a2ded755ac9b549e249c0b239ecd3e85b0fc0b20dda674ba162a7f4e4b61d9c11f3e76562387836b21b
SSDEEP

6144:ekScapLv8dq1DwvCV4Dt+cveB5dVNR1g0zZJ2wn+2nbKG:PSc+v4q1zVWMBdO0NQyB

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3848	B323.tmp

Loads dropped DLL 2 IoCs

pid	Process
1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe
1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe
1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 3848	1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe	83
PID 1488 wrote to memory of 3848	1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe	83
PID 1488 wrote to memory of 3848	1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe	83
PID 1488 wrote to memory of 2772	1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe	84
PID 1488 wrote to memory of 2772	1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe	84
PID 1488 wrote to memory of 2772	1488	25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Users\Admin\AppData\Local\Temp\B323.tmp
  C:\Users\Admin\AppData\Local\Temp\B323.tmp
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Users\Admin\AppData\Local\Temp\25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\25942fabfc0a5ba38535cfa01c9c68d3_JaffaCakes118.exe" --cp "C:\Users\Admin\AppData\Local\Temp\B334.tmp"
  2⤵
  PID:2772

C:\Users\Admin\AppData\Local\Temp\B323.tmp

Filesize
242KB

MD5
caee15e43bbf8a0bbbbfd6c6cf13b98c

SHA1
a50669c8ada94663cbe387350fc910f7d931a78c

SHA256
104f999e0b3e8eab96643914e9bffbe8948eb36617c3942fbb156fa91a55aa12

SHA512
c7b7c9d398e784bb0adacb1a2dbf31b4f6528ce7a46c68d244fa895593e4702e158c6f1eea82beada12a438c308fa20b13b8f23103c1c230b8403058985601a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\B334.tmp

Filesize
289KB

MD5
e64c390000c53b5913e708e3cd3964f5

SHA1
f4bd75a6f683ef4fa27a09eb66ca75fb2d9ba999

SHA256
16165d3817f14e6d4126e0151410072693d0b040561ef6dfab4345d280cf9240

SHA512
1dae90eb128f5b368dc5e12ece5b4a724e4f8af10514c21f0e563620d8df91c5e0e0ca41b1432189868ad41f227d59255f2951fee9a8278bd4590481df14228b

Download Submit
memory/1488-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1488-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2772-14-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/3848-7-0x0000000000400000-0x000000000043E1D8-memory.dmp

Filesize
248KB

Download