ed9238eed7fb8b450246a376d94ef3b757b7aea2cbb79ab6c414748114b006df

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 18:55

Target

35f7aa4cf50a7991f879e1f1d11c0831_JaffaCakes118.exe
Size

296KB
MD5

35f7aa4cf50a7991f879e1f1d11c0831
SHA1

3dcf298af60156e00e5dd290a43b6513284c8780
SHA256

ed9238eed7fb8b450246a376d94ef3b757b7aea2cbb79ab6c414748114b006df
SHA512

6eae7bd74f27fd35bddd3d20552278b11af59d6c7e5c1af846646912ba020f90a0b355fb7b385818cb0ba6f13af7e664fbf3e52fc50fdf3f0aa82d1b7cfd609d
SSDEEP

6144:7C0HQpT7VXj89azSpcd1RN1B9jK5/eDq8HpWhH3YHpTcNAfGpxr93:20W/xjCaOpcd1tbKwH9HWNAq5R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2892	winxp.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\winxp.exe	35f7aa4cf50a7991f879e1f1d11c0831_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\winxp.exe	35f7aa4cf50a7991f879e1f1d11c0831_JaffaCakes118.exe
File created	C:\Program Files (x86)\winxp.DLL	winxp.exe
File opened for modification	C:\Program Files (x86)\winxp.DLL	winxp.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	35f7aa4cf50a7991f879e1f1d11c0831_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2892	winxp.exe
2892	winxp.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 4924	2980	35f7aa4cf50a7991f879e1f1d11c0831_JaffaCakes118.exe	87
PID 2980 wrote to memory of 4924	2980	35f7aa4cf50a7991f879e1f1d11c0831_JaffaCakes118.exe	87
PID 2980 wrote to memory of 4924	2980	35f7aa4cf50a7991f879e1f1d11c0831_JaffaCakes118.exe	87
PID 2892 wrote to memory of 3376	2892	winxp.exe	56

C:\Program Files (x86)\winxp.exe

Filesize
296KB

MD5
35f7aa4cf50a7991f879e1f1d11c0831

SHA1
3dcf298af60156e00e5dd290a43b6513284c8780

SHA256
ed9238eed7fb8b450246a376d94ef3b757b7aea2cbb79ab6c414748114b006df

SHA512
6eae7bd74f27fd35bddd3d20552278b11af59d6c7e5c1af846646912ba020f90a0b355fb7b385818cb0ba6f13af7e664fbf3e52fc50fdf3f0aa82d1b7cfd609d

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
0a32f451dce65bcc2380de73c7a635b5

SHA1
c599e0d51b50a0c8d268d92b52bbfd35df083303

SHA256
c82467f2cb8b8379f5fcfd00de0e01cd26e000ab5c91e396978e78f33babe1bc

SHA512
7806c569373e61f55c891f7fd7557c9f27cca03cbba3342ccc316d7e679dbaf461eae8cd3e762a33f071e1c1b8f8a7cf5a311b57ac0b3672111f6feb37db9cfc

Download Submit
memory/2892-7-0x0000000013140000-0x0000000013299000-memory.dmp

Filesize
1.3MB

Download
memory/2892-14-0x0000000013140000-0x0000000013299000-memory.dmp

Filesize
1.3MB

Download
memory/2980-0-0x0000000013140000-0x0000000013299000-memory.dmp

Filesize
1.3MB

Download
memory/2980-1-0x0000000000450000-0x0000000000451000-memory.dmp

Filesize
4KB

Download
memory/2980-2-0x0000000013140000-0x0000000013299000-memory.dmp

Filesize
1.3MB

Download
memory/2980-12-0x0000000013140000-0x0000000013299000-memory.dmp

Filesize
1.3MB

Download