3cf7ea7d8fee23c550b833547afd007c7ae65639760badaac3227109693bb874

Analysis

max time kernel
13s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 19:33

Target

31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe
Size

58KB
MD5

31b086c5a3588875ed20e911db75c05d
SHA1

c49d2c5807dfd1caf4492549fe5a9555410677e7
SHA256

3cf7ea7d8fee23c550b833547afd007c7ae65639760badaac3227109693bb874
SHA512

439bc82e2b6b940c000fb74b1343ff5c858fb956280e2085f25f6a94df3c435356c7c326d23ad1846c5b044114e6a24454a5b84ec63ab3b0185bad18c39444cc
SSDEEP

768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOO2:71Tzy48untU8fOMEI3jyYfPiuO2

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2076	2064	31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe	30
PID 2064 wrote to memory of 2076	2064	31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe	30
PID 2064 wrote to memory of 2076	2064	31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe	30
PID 2064 wrote to memory of 2076	2064	31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe	30
PID 2076 wrote to memory of 1716	2076	cmd.exe	31
PID 2076 wrote to memory of 1716	2076	cmd.exe	31
PID 2076 wrote to memory of 1716	2076	cmd.exe	31
PID 2076 wrote to memory of 1716	2076	cmd.exe	31
PID 1716 wrote to memory of 296	1716	iexpress.exe	32
PID 1716 wrote to memory of 296	1716	iexpress.exe	32
PID 1716 wrote to memory of 296	1716	iexpress.exe	32
PID 1716 wrote to memory of 296	1716	iexpress.exe	32

C:\Users\Admin\AppData\Local\Temp\31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\E82.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\31b086c5a3588875ed20e911db75c05d_JaffaCakes118.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:296

C:\Users\Admin\AppData\Local\Temp\E82.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
58KB

MD5
4e0e3242f675caa480e180ba6973eaf0

SHA1
e5062db5d5395384854eca74d5bd23c36be9b296

SHA256
66a20c100976674305bba34ebf40d02a0b194c5bef77d935273db35b0a9a2444

SHA512
087ed6c4d3bca767be448c078de3f290a1f372248b86f27150179cf4b8005c1264faf6c06c9e7fc13b5179651398a8e81ed4db4b315cfe2cd10d2877823db4bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit