6021ac0faad91af0e7a6d1322364c2215ae0b5295ec1bedbc183d9194e31d23d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 18:39

Target

2d6900d2e7556e2c9b99c0d7b5480a03_JaffaCakes118.exe
Size

54KB
MD5

2d6900d2e7556e2c9b99c0d7b5480a03
SHA1

fca3bbab25f0355d555a1cbacf93468895a52b87
SHA256

6021ac0faad91af0e7a6d1322364c2215ae0b5295ec1bedbc183d9194e31d23d
SHA512

e62fac76f13e69961577a63208c2e1c771939c3bfd53d73c5198da5920532217797d3e461a71b6d4b7afb4d073532d56c6c9d6c22bb25230d75c209ac8b38758
SSDEEP

768:9evFIYm0on6HGavZUdQffoaFNnioNQpMGYZH4zJrCn3HkZZoq3z/zj7vS0xLehG8:YcV6HGavhgaTAJ2nUZ5fP+f

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1464	2d6900d2e7556e2c9b99c0d7b5480a03_JaffaCakes118.exe
1464	2d6900d2e7556e2c9b99c0d7b5480a03_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1256	1464	2d6900d2e7556e2c9b99c0d7b5480a03_JaffaCakes118.exe	21
PID 1464 wrote to memory of 1256	1464	2d6900d2e7556e2c9b99c0d7b5480a03_JaffaCakes118.exe	21
PID 1464 wrote to memory of 1256	1464	2d6900d2e7556e2c9b99c0d7b5480a03_JaffaCakes118.exe	21
PID 1464 wrote to memory of 1256	1464	2d6900d2e7556e2c9b99c0d7b5480a03_JaffaCakes118.exe	21

memory/1256-1-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1256-5-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1464-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1464-4-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1464-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download