9528377b9d6e2915153dc69600ededb766a3f6d95c43d51736883519343ba72c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 18:45

Target

293a6e05fa726303e93c060b1437c683_JaffaCakes118.exe
Size

54KB
MD5

293a6e05fa726303e93c060b1437c683
SHA1

292487f5e16dc937960ef1d928b7e3bf45f749ae
SHA256

9528377b9d6e2915153dc69600ededb766a3f6d95c43d51736883519343ba72c
SHA512

a5defacd18e834c0450288dd04cdbe382d9c9db243b5b370ac5a75763f41f6b40bfdc40f3f684e307ca130f5640f26eb266ddd4d66d7faa9c18e854f80cc58cd
SSDEEP

768:nevFIYm0on6HGavZRtQffoaFNnioeQpYG0RN8vDckgRUgz9KjqQOYxwA3HyLt4px:acV6HGavqgaCN4ck4iOQ3SDLt4pSXU

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2488	293a6e05fa726303e93c060b1437c683_JaffaCakes118.exe
2488	293a6e05fa726303e93c060b1437c683_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1196	2488	293a6e05fa726303e93c060b1437c683_JaffaCakes118.exe	21
PID 2488 wrote to memory of 1196	2488	293a6e05fa726303e93c060b1437c683_JaffaCakes118.exe	21
PID 2488 wrote to memory of 1196	2488	293a6e05fa726303e93c060b1437c683_JaffaCakes118.exe	21
PID 2488 wrote to memory of 1196	2488	293a6e05fa726303e93c060b1437c683_JaffaCakes118.exe	21

memory/1196-1-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1196-5-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2488-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2488-4-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2488-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download