79016ca1d1a6f3c3e5049d60c67f6c1eec681406a63a3f33b101694f13127584

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 12:41

Target

34c33d8900d2c3921c3215f182b21e7a_JaffaCakes118.exe
Size

8KB
MD5

34c33d8900d2c3921c3215f182b21e7a
SHA1

5bcfc3c1d2f17d9c61edb816eecef9a23a43b7b6
SHA256

79016ca1d1a6f3c3e5049d60c67f6c1eec681406a63a3f33b101694f13127584
SHA512

de5cd3fff633f3ce85c470ffa9d816add9d0b120000b9acb5b8fa69aabb02df480fc612d0ab6a474b7daf7dc37d52c95ef90dd28a55d71b05d33edaae27ae1dd
SSDEEP

192:IWuKW6O3+86L+U3/iAh+hQdKtUgP4nIXo2VSoy4g89ap:IWuKW6fXLf3KyqMKtUgqqSvX4Y

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
516	Cn911.exe
4700	Cn911.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Cn911.exe	34c33d8900d2c3921c3215f182b21e7a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Cn911.exe	34c33d8900d2c3921c3215f182b21e7a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Cn911.exe	Cn911.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 516	716	34c33d8900d2c3921c3215f182b21e7a_JaffaCakes118.exe	84
PID 716 wrote to memory of 516	716	34c33d8900d2c3921c3215f182b21e7a_JaffaCakes118.exe	84
PID 716 wrote to memory of 516	716	34c33d8900d2c3921c3215f182b21e7a_JaffaCakes118.exe	84
PID 516 wrote to memory of 4700	516	Cn911.exe	85
PID 516 wrote to memory of 4700	516	Cn911.exe	85
PID 516 wrote to memory of 4700	516	Cn911.exe	85

C:\Windows\SysWOW64\Cn911.exe

Filesize
8KB

MD5
34c33d8900d2c3921c3215f182b21e7a

SHA1
5bcfc3c1d2f17d9c61edb816eecef9a23a43b7b6

SHA256
79016ca1d1a6f3c3e5049d60c67f6c1eec681406a63a3f33b101694f13127584

SHA512
de5cd3fff633f3ce85c470ffa9d816add9d0b120000b9acb5b8fa69aabb02df480fc612d0ab6a474b7daf7dc37d52c95ef90dd28a55d71b05d33edaae27ae1dd

Download Submit