05d6f35eba9ebc89ff7ceeec5c8b828ba4ffeccce56df086ed92037ce6a0fe3d

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 18:14

Target

35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
Size

5.0MB
MD5

35d5c0916d7e11e640f44123aee0696f
SHA1

14b1ef53213a5a3e09319e224a95662498c5fb1f
SHA256

05d6f35eba9ebc89ff7ceeec5c8b828ba4ffeccce56df086ed92037ce6a0fe3d
SHA512

3a0b330961ec8be7be218578fda87e106de273fad9e62e1ee44a6c870ba6c4129fb24c00ceafc263641004e6ac6375ff28e57d9f9e3ac367e3ea88e445879845
SSDEEP

192:RW2lgASsGxDstjT9hOM65SSqNtlcj9zHJ2WQ4Ti461oyaDb8zE:RWm9T365S54ZQ4G461QDA4

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2696	Googleij.exe

Executes dropped EXE 2 IoCs

pid	Process
1096	Googleij.exe
2696	Googleij.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Debugs.inf	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
File created	C:\Windows\Googleij.exe	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
File opened for modification	C:\Windows\Googleij.exe	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	Googleij.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2456	2292	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2456	2292	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2456	2292	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2456	2292	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	30
PID 2456 wrote to memory of 1096	2456	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	31
PID 2456 wrote to memory of 1096	2456	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	31
PID 2456 wrote to memory of 1096	2456	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	31
PID 2456 wrote to memory of 1096	2456	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	31
PID 1096 wrote to memory of 2696	1096	Googleij.exe	32
PID 1096 wrote to memory of 2696	1096	Googleij.exe	32
PID 1096 wrote to memory of 2696	1096	Googleij.exe	32
PID 1096 wrote to memory of 2696	1096	Googleij.exe	32

C:\MyTemp

Filesize
84B

MD5
c559f20388cc1cf705e663e562cc6f8e

SHA1
5f24cd5c540b69ee6f982946689bf45c05374c8f

SHA256
8e413905ebfd5f206ab31f0c9bb83288d68d35078d5a92e84559fbe8590693b9

SHA512
be17028130b8134164948609e4a8ecf58b36bb29174b83703f476997cffeea4c980bc6c513a5823e0c8cd93b74ec6fa594c2b532cc934d1ec40f8d1ddb4abeeb

Download Submit
C:\Windows\Googleij.exe

Filesize
25.6MB

MD5
729cdccf8102f77b3101a94f210522ac

SHA1
6454d57a6b50fd10330dcc4ef60935eff118a7aa

SHA256
920106e181bb8b9994a070e87196992d33f3a4237fe08a62d5e0192c14d2a771

SHA512
b6dde9f5c60eb6644fa56319ff1161745ca080e61aaac5355af47e604486cc36a83b800afb96542fcd5cfdea1cd93e987eb5aedf786681370aa1d9814e02befe

Download Submit