dd46be64e125711ed76111affed3a01aa3166db5e8d6c23238b1b22cafd800be

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 13:16

Target

3086e81a75a834bec6e0fbf0375b302b_JaffaCakes118.exe
Size

1.3MB
MD5

3086e81a75a834bec6e0fbf0375b302b
SHA1

44fade609ec03e08ac20d590914f76d4433b6648
SHA256

dd46be64e125711ed76111affed3a01aa3166db5e8d6c23238b1b22cafd800be
SHA512

34cc33b6c572cedbaf3dbd75f914ba96b1f704fae00614a8ed4aab2815e436f78e7214a4a49b9719bbabfd8edaca838ce7a7da489ab8b1bfd18eab11e1f85519
SSDEEP

12288:KzRNRO+Hw3Y06DsIngTPD6ZTzDogsYWZ90Yj+TodjvwkgoaFa:L3VpmS4YjImlp

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2112	2248	3086e81a75a834bec6e0fbf0375b302b_JaffaCakes118.exe	30
PID 2248 wrote to memory of 2112	2248	3086e81a75a834bec6e0fbf0375b302b_JaffaCakes118.exe	30
PID 2248 wrote to memory of 2112	2248	3086e81a75a834bec6e0fbf0375b302b_JaffaCakes118.exe	30
PID 2248 wrote to memory of 2112	2248	3086e81a75a834bec6e0fbf0375b302b_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3086e81a75a834bec6e0fbf0375b302b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3086e81a75a834bec6e0fbf0375b302b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 424
  2⤵
  PID:2112

memory/2112-3-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/2112-5-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/2248-0-0x00000000745F1000-0x00000000745F2000-memory.dmp

Filesize
4KB

Download
memory/2248-1-0x00000000745F0000-0x0000000074B9B000-memory.dmp

Filesize
5.7MB

Download
memory/2248-2-0x00000000745F0000-0x0000000074B9B000-memory.dmp

Filesize
5.7MB

Download
memory/2248-4-0x00000000745F0000-0x0000000074B9B000-memory.dmp

Filesize
5.7MB

Download