477ae6d6d164d1d4fea62e7c408cfe236478c78388611533dc7f000c7f62af9e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 07:52

Target

27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe
Size

94KB
MD5

27cc51b3d2def42566fbda0a08e816dc
SHA1

f19de5230885ea5145f21125595314b8d8a12041
SHA256

477ae6d6d164d1d4fea62e7c408cfe236478c78388611533dc7f000c7f62af9e
SHA512

e64cbbdde1c1233d99a8227cf8466fba8844adf856756ea7975766e67a4dca0a5a712f9162906f242a2468a124914a138be0dab3aa78db2762d453ad97fb21ca
SSDEEP

1536:mZZJ9aBW6F0DAm4t/Om/bxnCnYF0CFOuq4GDboL+C/QPKirmFv6HNoH:mFoBLUAHm07F7q4nLTYPB6Foa

Score

1^/10

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1732	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	31
PID 1700 wrote to memory of 1732	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	31
PID 1700 wrote to memory of 1732	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	31
PID 1700 wrote to memory of 1732	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	31
PID 1732 wrote to memory of 2276	1732	net.exe	33
PID 1732 wrote to memory of 2276	1732	net.exe	33
PID 1732 wrote to memory of 2276	1732	net.exe	33
PID 1732 wrote to memory of 2276	1732	net.exe	33
PID 1700 wrote to memory of 2488	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	34
PID 1700 wrote to memory of 2488	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	34
PID 1700 wrote to memory of 2488	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	34
PID 1700 wrote to memory of 2488	1700	27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe	34
PID 2488 wrote to memory of 2116	2488	net.exe	36
PID 2488 wrote to memory of 2116	2488	net.exe	36
PID 2488 wrote to memory of 2116	2488	net.exe	36
PID 2488 wrote to memory of 2116	2488	net.exe	36

C:\Users\Admin\AppData\Local\Temp\27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\27cc51b3d2def42566fbda0a08e816dc_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\net.exe
  net stop wscsvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop wscsvc
    3⤵
    PID:2276
- C:\Windows\SysWOW64\net.exe
  net stop SharedAccess
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop SharedAccess
    3⤵
    PID:2116

memory/1700-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1700-1-0x0000000000160000-0x000000000016B000-memory.dmp

Filesize
44KB

Download
memory/1700-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1700-5-0x0000000000160000-0x000000000016B000-memory.dmp

Filesize
44KB

Download
memory/1700-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1700-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download