59e413b4db8a414f1cf2b1fa1ee6a2224896caf7fb2ef7fe1075b4e5574924a4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 12:19

Target

3059bcdd77fbe0c61d6b31c293c07ce3_JaffaCakes118.exe
Size

136KB
MD5

3059bcdd77fbe0c61d6b31c293c07ce3
SHA1

45e514a298436a12326253ba5c487e105fb8d975
SHA256

59e413b4db8a414f1cf2b1fa1ee6a2224896caf7fb2ef7fe1075b4e5574924a4
SHA512

be4107dd2ffab0b19a788a60969253d12d461afa783b18fa60986ff17642ec4a82f5f5db9399f40d11b6053f94f84ca78823624c083f9db9e929e2a4babb440d
SSDEEP

1536:J1qnQxlaefGsEmNIT08JI/ptMfBQeQmb9kKhwR7JMaCa2YVOcKjKZ6x4:UUla8oT/CptqRkLT+a2YVONWZ6x4

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2244	winload.exe

Loads dropped DLL 2 IoCs

pid	Process
2624	3059bcdd77fbe0c61d6b31c293c07ce3_JaffaCakes118.exe
2624	3059bcdd77fbe0c61d6b31c293c07ce3_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	winload.exe
2244	winload.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2244	2624	3059bcdd77fbe0c61d6b31c293c07ce3_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2244	2624	3059bcdd77fbe0c61d6b31c293c07ce3_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2244	2624	3059bcdd77fbe0c61d6b31c293c07ce3_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2244	2624	3059bcdd77fbe0c61d6b31c293c07ce3_JaffaCakes118.exe	30
PID 2244 wrote to memory of 1184	2244	winload.exe	21
PID 2244 wrote to memory of 1184	2244	winload.exe	21
PID 2244 wrote to memory of 1184	2244	winload.exe	21
PID 2244 wrote to memory of 1184	2244	winload.exe	21
PID 2244 wrote to memory of 1184	2244	winload.exe	21
PID 2244 wrote to memory of 1184	2244	winload.exe	21

\Users\Admin\AppData\Local\Temp\winload.exe

Filesize
48KB

MD5
413b7d27725cbb6bc3d3fc3a267f0077

SHA1
38589121b4f65312304ae28eccbb7f36cc539215

SHA256
4b0c2f86a2a347919ec1ffb63bdfacd26e1902ee3e0edd463f06ef478b2f38f8

SHA512
eee6be801730133ebbe7fc1311b0e69af9bdec25882431cec48a9e83a7c7fe1daec19a866e7ab05dddc9b8fda96797f14857a669334ce46fd1e9fcf574cd5dff

Download Submit
memory/1184-16-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1184-22-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2244-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2244-12-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2244-13-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2244-36-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2624-1-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2624-10-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/2624-9-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/2624-35-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download