e01b49b31de1ad4dcacaa40489bf46f610f3e079d7645858d44209174401d700

Analysis

max time kernel
117s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 14:56

Target

2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe
Size

401KB
MD5

2cc5d7e896e6548c6afecfb27056434e
SHA1

60281a3ff37e8feb45f0a28ed290450de17de7b7
SHA256

e01b49b31de1ad4dcacaa40489bf46f610f3e079d7645858d44209174401d700
SHA512

c87ada33cbe7a5f8784e7b735b924509eb65e7169260e4d508f3d89a0733a7ac11c6b82631316dc3042fce820019ab734e358c2e0f99cbb35928a8b1c3ac8b26
SSDEEP

12288:aTGeamYVgtj44mynIqAB1VDUG9RP5WqoSY:aKrmDRkqw1FhRhe

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3220	Videc.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3220 set thread context of 3812	3220	Videc.exe	87

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Videc.exe	2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe
File created	C:\Windows\Videc.exe	2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2036	2712	2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe	88
PID 2712 wrote to memory of 2036	2712	2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe	88
PID 2712 wrote to memory of 2036	2712	2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe	88
PID 3220 wrote to memory of 3812	3220	Videc.exe	87
PID 3220 wrote to memory of 3812	3220	Videc.exe	87
PID 3220 wrote to memory of 3812	3220	Videc.exe	87
PID 3220 wrote to memory of 3812	3220	Videc.exe	87
PID 3220 wrote to memory of 3812	3220	Videc.exe	87

C:\Users\Admin\AppData\Local\Temp\2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2cc5d7e896e6548c6afecfb27056434e_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\YFYLTT.bat
  2⤵
  PID:2036

C:\Windows\Videc.exe
C:\Windows\Videc.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" 30143
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3812

C:\Users\Admin\AppData\Local\Temp\YFYLTT.bat

Filesize
218B

MD5
7386975075a8416290dd8d25127e7e49

SHA1
5ddbbbb5a6d2d01ffac0008923986fe38ac1243d

SHA256
b359d64623478b0fbc4bb484a1733306a56aae60daa29ddfbcfb1a485420428c

SHA512
7607816abed83cb04025e63883f4265569132b073381c67ae421eb3e3e7fc95f1a7c17dfd0db4927dc7448a0a57f9ad05fa4a02a240e0d2e4946546fe75741ac

Download Submit
C:\Windows\Videc.exe

Filesize
401KB

MD5
2cc5d7e896e6548c6afecfb27056434e

SHA1
60281a3ff37e8feb45f0a28ed290450de17de7b7

SHA256
e01b49b31de1ad4dcacaa40489bf46f610f3e079d7645858d44209174401d700

SHA512
c87ada33cbe7a5f8784e7b735b924509eb65e7169260e4d508f3d89a0733a7ac11c6b82631316dc3042fce820019ab734e358c2e0f99cbb35928a8b1c3ac8b26

Download Submit
memory/2712-0-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download
memory/2712-1-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/2712-12-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download
memory/3220-5-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download
memory/3220-7-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/3220-14-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download
memory/3812-10-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download