05d6f35eba9ebc89ff7ceeec5c8b828ba4ffeccce56df086ed92037ce6a0fe3d

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 18:14

Target

35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
Size

5.0MB
MD5

35d5c0916d7e11e640f44123aee0696f
SHA1

14b1ef53213a5a3e09319e224a95662498c5fb1f
SHA256

05d6f35eba9ebc89ff7ceeec5c8b828ba4ffeccce56df086ed92037ce6a0fe3d
SHA512

3a0b330961ec8be7be218578fda87e106de273fad9e62e1ee44a6c870ba6c4129fb24c00ceafc263641004e6ac6375ff28e57d9f9e3ac367e3ea88e445879845
SSDEEP

192:RW2lgASsGxDstjT9hOM65SSqNtlcj9zHJ2WQ4Ti461oyaDb8zE:RWm9T365S54ZQ4G461QDA4

Score

7^/10

Deletes itself 1 IoCs

pid	Process
5040	Googleto.exe

Executes dropped EXE 2 IoCs

pid	Process
4988	Googleto.exe
5040	Googleto.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Mation.inf	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
File created	C:\Windows\Googleto.exe	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
File opened for modification	C:\Windows\Googleto.exe	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	Googleto.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4696	4424	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	85
PID 4424 wrote to memory of 4696	4424	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	85
PID 4424 wrote to memory of 4696	4424	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	85
PID 4696 wrote to memory of 4988	4696	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	87
PID 4696 wrote to memory of 4988	4696	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	87
PID 4696 wrote to memory of 4988	4696	35d5c0916d7e11e640f44123aee0696f_JaffaCakes118.exe	87
PID 4988 wrote to memory of 5040	4988	Googleto.exe	88
PID 4988 wrote to memory of 5040	4988	Googleto.exe	88
PID 4988 wrote to memory of 5040	4988	Googleto.exe	88

C:\MyTemp

Filesize
84B

MD5
c559f20388cc1cf705e663e562cc6f8e

SHA1
5f24cd5c540b69ee6f982946689bf45c05374c8f

SHA256
8e413905ebfd5f206ab31f0c9bb83288d68d35078d5a92e84559fbe8590693b9

SHA512
be17028130b8134164948609e4a8ecf58b36bb29174b83703f476997cffeea4c980bc6c513a5823e0c8cd93b74ec6fa594c2b532cc934d1ec40f8d1ddb4abeeb

Download Submit
C:\Windows\Googleto.exe

Filesize
13.0MB

MD5
2e99b063a4c9e4635a06926f05561239

SHA1
a38dc05864600671cf1079b8ba607dbf6df78f86

SHA256
08c00145e4c2730cbfc39ae1f47f5ecb34ffa196da7be25ebcf3fc51ea84bf41

SHA512
6d904edcbe67addbe27641a9a6a7a995fda99e6212129cd98865826e473d2084fc17cfb873852900ef29bbce8b32c3629c4415c6fe8cc3b669d8a54ff18c6a57

Download Submit
C:\Windows\Mation.inf

Filesize
13B

MD5
e353e98883820415ad14807b2a97920f

SHA1
e0dd02b23270df333700e6f163cc84ad61e6bbfb

SHA256
d87401fe5397a05eaaa08623b898465764369ae13a9eb2c19f745b534d8750f5

SHA512
f3bcc630c0f7de4e144f9ec7b1dff1de033e56fb923ef5c7c96fdd5c59a1d50d89fc30c371ab569f61028c5fd3fe540a16ecefc0e2c26e5c4c3a15d98ff007c2

Download Submit