a8ad1aada17c426b31bd5b336cfa097684c0cf7db45fe47d3b273e6067495767

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 05:21

Target

2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe
Size

21KB
MD5

2b1f6992b4e5a1c91f9a61274c7c7612
SHA1

1add3a03dabf1b269353c777d90ba144cf57d39f
SHA256

a8ad1aada17c426b31bd5b336cfa097684c0cf7db45fe47d3b273e6067495767
SHA512

d957cea20a855d516fd6aaa34a42026e89e74242d5756d3909afb148fff1d5bc370be65b83da0bd42d237a9698780dbd302c60451f811320c6e5f97dd5394549
SSDEEP

384:mji7GOu9kIokmgU6dB3uSZR8Q/pIurIE25llglkfUguTWQhAXivwdY231uH3if2F:VMk1gpea//kT5lKkpua40BY2a3e2IVXI

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
2556	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe
1128	WerFault.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\RemoteDbg.dll	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\RemoteDbg.dll	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1128	2556	WerFault.exe	29

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2556	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe
2556	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1128	2556	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe	30
PID 2556 wrote to memory of 1128	2556	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe	30
PID 2556 wrote to memory of 1128	2556	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe	30
PID 2556 wrote to memory of 1128	2556	2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.exe	30

\Users\Admin\AppData\Local\Temp\2b1f6992b4e5a1c91f9a61274c7c7612_JaffaCakes118.dat

Filesize
19KB

MD5
8c9f5bc173354aa9927affae1ba237f8

SHA1
a0003121651322e962158f72bc10b2a553917ba7

SHA256
94028b2eef03d652fc0fa266a73125e1d9ab834e72c495cd71ffae17fbd9e159

SHA512
936c8a89988eaaa732be275f2452933d1e3ac5b16759a467388d3552ff306913a2c397c1d67527f928fc9416bbb8515080728f60e91e1b2f043e315bb6693489

Download Submit
memory/2556-1-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2556-2-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2556-9-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2556-8-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download