9c78ed6ebbb66a793037899c15c5b060be742bb4bed082db18139447220e4c6c

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
07-07-2024 22:32

Target

2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe
Size

656KB
MD5

2a00f54f1ae5a2e51baac664cf7fcdac
SHA1

14330ba5d6f7ddb92efa3ab2203b4c385f52da96
SHA256

9c78ed6ebbb66a793037899c15c5b060be742bb4bed082db18139447220e4c6c
SHA512

3e1d66ec30b3dbd6d85bf2b1008fee862fc5a230ab4fbbfe7f245195cba5a2cf90a1c086ea6b66505ce51cd90bfac0be9e401849e81462a4102c845a0ed10fb4
SSDEEP

12288:MLry/neyx7f/A64WHuohDCQXZQ/OV9KCgZRgdm0tPknQEi1tBw3an7j:qKeyxTAJWHbhmQXZCOixTgQ0BUJifBwk

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2156	wkqhshpaz.exe

Loads dropped DLL 1 IoCs

pid	Process
1872	2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wmhogb\wkqhshpaz.exe	2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2156	1872	2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe	29
PID 1872 wrote to memory of 2156	1872	2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe	29
PID 1872 wrote to memory of 2156	1872	2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe	29
PID 1872 wrote to memory of 2156	1872	2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2a00f54f1ae5a2e51baac664cf7fcdac_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files (x86)\wmhogb\wkqhshpaz.exe
  "C:\Program Files (x86)\wmhogb\wkqhshpaz.exe"
  2⤵
  - Executes dropped EXE
  PID:2156

C:\Program Files (x86)\wmhogb\wkqhshpaz.exe

Filesize
682KB

MD5
f7af5e0e8cb6e374183798d41d0ad1c3

SHA1
677b299cf022c18c5b69ab8e62f6cca61bf6ecdc

SHA256
77b9893070a3df62c95f8ee8742f738c70d4ad1a250aa28a7a0b88ebdb3d66b4

SHA512
acd3845284c24740f0512b0de9f2112bd907ca72084f874bbe0b49377db5b95ad661a4d8bdcbd3dc1def1e130ddf5c2b2194b0ecd019aef03423ddca55324137

Download Submit
memory/1872-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1872-2-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2156-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2156-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2156-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download