b08af00cd09f0e6e80fdfdb7d9b7c1a8726c4c8d0d5a4b040f0e6d965f28f501

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 21:08

Target

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
Size

32KB
MD5

366338f7a4e55a5f7a9f43f7a1d10014
SHA1

d801577b2f3455656be0443a45b90b70df003b3a
SHA256

b08af00cd09f0e6e80fdfdb7d9b7c1a8726c4c8d0d5a4b040f0e6d965f28f501
SHA512

c84b9267c6cbf2b5b37ba74abdc3ca43f83c954caf3b950df1e653f5c4631053e2664449c7dc4f16f2ccdcf44bde2b636be4de596eae5b766a899aa5156e1079
SSDEEP

384:/T1dDqmPyNDmngLRkMe9Uu7VxWiIY58o/ZbGcGF3vw:/JdeT9m7B9pHWpi/Zk3vw

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

rst.exe

pid process

2500 rst.exe
Loads dropped DLL 2 IoCs

Processes:

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

pid process

1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
Drops file in System32 directory 1 IoCs

Processes:

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

description ioc process

File opened for modification C:\Windows\SysWOW64\rst.exe 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

pid process

1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

pid	process
2500	rst.exe

pid	process
1968	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
1968	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\rst.exe	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

pid	process
1968	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

description	pid	process	target process
PID 1968 wrote to memory of 2500	1968	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe	rst.exe
PID 1968 wrote to memory of 2500	1968	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe	rst.exe
PID 1968 wrote to memory of 2500	1968	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe	rst.exe
PID 1968 wrote to memory of 2500	1968	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe	rst.exe

C:\Windows\SysWOW64\rst.exe
C:\Windows\system32\rst.exe
2⤵
- Executes dropped EXE
PID:2500

\Windows\SysWOW64\rst.exe

Filesize
8KB

MD5
ca04309dd09085180523e7642aaa10be

SHA1
a0bcf62d27cc74b4c4cb48fe9cb2d5a661b7c0cf

SHA256
0373ef0fd6c3b0eeee386f67496c0ffc4973a43c8082859069d2cfefc6023c83

SHA512
c012cf2731418e8f174c1971e2b2e146db785161a8ce586bed94655b88b1b0267a30133ffed17a05f1ec6d8e41a63ffe1694fadf08a84ceaf29fc86969a81bcb

Download Submit