78c85f9affc134d3152af9c9c73dc93b989681050043d4493ac64694df7c97f3

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 03:10

Target

2ecb787def3aaaec411059c989832c73_JaffaCakes118.exe
Size

976KB
MD5

2ecb787def3aaaec411059c989832c73
SHA1

22cf76c95c414368bb828271ed318add8d6a4683
SHA256

78c85f9affc134d3152af9c9c73dc93b989681050043d4493ac64694df7c97f3
SHA512

550f7e36e0591cac356c0b0ef84b7f1eb1365199dcc17b8de333c5690eb77920038e35901ad0ef2d91c0fc968e6577ce239ee00955880c89027af3848e59721f
SSDEEP

24576:dgdhhQGGnnazLpj4VHogiuG/EVeJGQl+NPw3nFuqJg:dqgazxcGkegQaPw3kqS

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4452	syhf.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\cyumt\syhf.exe	2ecb787def3aaaec411059c989832c73_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4452	4032	2ecb787def3aaaec411059c989832c73_JaffaCakes118.exe	82
PID 4032 wrote to memory of 4452	4032	2ecb787def3aaaec411059c989832c73_JaffaCakes118.exe	82
PID 4032 wrote to memory of 4452	4032	2ecb787def3aaaec411059c989832c73_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\2ecb787def3aaaec411059c989832c73_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ecb787def3aaaec411059c989832c73_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files (x86)\cyumt\syhf.exe
  "C:\Program Files (x86)\cyumt\syhf.exe"
  2⤵
  - Executes dropped EXE
  PID:4452

C:\Program Files (x86)\cyumt\syhf.exe

Filesize
991KB

MD5
41851d59994b345b6b8e4cb2c34377b8

SHA1
c9d110411dd871edb143a70a47ea1d84c369680a

SHA256
17dbc4f311d48f099b632b281dc28c0c06fcc26b2660e121ddb304b6e766a669

SHA512
f7af4b4a70f6a9015fa9fdbbf8bd06780d265d860d517ff37795fe6b919c9e8f2227cb83d3e97f3a4a5866d426f7d4cf5d9ad4c602b925f4796ea229ba21bfeb

Download Submit
memory/4032-4-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4452-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download