f60ac8f78b426f32bffff04627f33111a0b04e7b1e118676ed93cf39a09296dd

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 01:20

Target

2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe
Size

63KB
MD5

2a7b1a5ee9da259e3b57f8b6efc197cf
SHA1

0019bd0c44f543d2148584d7fb1a14dc8a111fb8
SHA256

f60ac8f78b426f32bffff04627f33111a0b04e7b1e118676ed93cf39a09296dd
SHA512

1d506d076c6e81caa8027edc8eac6afbff96c0d5b2be9f10602ab2b42e4f3d48e2683ef993908f71f287cc89c03f4b929366e1424befe3b78022075896f7876b
SSDEEP

1536:g9wvQUreUbyzABq2e5khOs8C2F25Z1I+WIw:QA/yzv2e5kgzCUCWIw

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 1688	2796	2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe	29
PID 2796 wrote to memory of 1688	2796	2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe	29
PID 2796 wrote to memory of 1688	2796	2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe	29
PID 2796 wrote to memory of 1688	2796	2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~1AB2.bat "C:\Users\Admin\AppData\Local\Temp\2a7b1a5ee9da259e3b57f8b6efc197cf_JaffaCakes118.exe"
  2⤵
  PID:1688

C:\Users\Admin\AppData\Local\Temp\~1AB2.bat

Filesize
75B

MD5
2f27d3a4c2d972df9625d8c574c9bf70

SHA1
450218231c83341de1fb3fe03100ee9198bb3df7

SHA256
387db5095c07e02b35c433991a006dc984dc4f099515e097935c459ce83f36b5

SHA512
93e02dfe30fcbfcc9e78c330bc188c322a29bb69a99b434b036735aaac3436f80fea77953bd82c6aae85ee8f78c79900a3f49f9898b9ae76a3b94c6138318a87

Download Submit
memory/2796-3-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download