0fcc3ac0d14e3f423b1e05052274ef7052bec289a533274153871c0ff9f62142

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 11:46

Target

3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe
Size

89KB
MD5

3495639dfa9b4cada607ec65231acb74
SHA1

40c28fde29a8b65246b92edbea55a576fc55790b
SHA256

0fcc3ac0d14e3f423b1e05052274ef7052bec289a533274153871c0ff9f62142
SHA512

f869a35fbf205d9a0d2374441ce60d69a3d2f0f758d29b459379efa07faf06a09c79d311f70520d3c14a92510e2db3671163e1705d4177be83d761c2728bca02
SSDEEP

1536:TrBzyB1TEeOjqNW5+/KdnZsz9cRU8ZLL7G5pu6OF59shqElpiPFlN3fjNnggOEmd:TrBWBuPj46+/KdxRR9O5puPDsF83fjNK

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2924	cmd.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\java\AFF995DC4281.dll	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe
File created	C:\Windows\java\AFF995DC4281.exe	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe
File opened for modification	C:\Windows\java\AFF995DC4281.exe	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe
File created	C:\Windows\1.bat	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 2924	1188	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe	30
PID 1188 wrote to memory of 2924	1188	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe	30
PID 1188 wrote to memory of 2924	1188	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe	30
PID 1188 wrote to memory of 2924	1188	3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3495639dfa9b4cada607ec65231acb74_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\1.bat
  2⤵
  - Deletes itself
  PID:2924

C:\Windows\1.bat

Filesize
212B

MD5
98bca6a801eedbc0bbe3566d688efa92

SHA1
ea59207f20abd1a0c4d8d9d8628ca77fcd7292e1

SHA256
191fb31ff3f5f59a39a99190b0711ff3812b503e66974062d671b73a9acfc12d

SHA512
dacdbaad35fb1869555bfef93b229d78bdd48cd08988b4533db2cfdbcf7b63bffa8f5131035aeecce118381d9a2df70bf29de9007373af73be0353345242d28e

Download Submit
memory/1188-0-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1188-8-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download