8792ff7d68f76a4b0c53def4dc73dbcfa743f5a3e5a584819ab9ae772cfd373c

Analysis

max time kernel
93s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 03:48

Target

37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.exe
Size

233KB
MD5

37981c8d306d09dbe89a20efab549d0e
SHA1

7871dbaa2616485ec70e3ecf382d1299e0b06b9a
SHA256

8792ff7d68f76a4b0c53def4dc73dbcfa743f5a3e5a584819ab9ae772cfd373c
SHA512

42a6287358f101d967a0a718f3729375165b26e92634c4a825f31d55df42c3e1aea66753502ee9cf033cc3067e1d94275041a09c0d8efc2a3e4e877a1aad15e2
SSDEEP

6144:iHudtmI6d6GBKyeWvaqvS6etwDlB3SNFICBEOz:iOdtmvd6G4jWvFv5kwGTINOz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3008	2944	37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.exe	83
PID 2944 wrote to memory of 3008	2944	37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.exe	83
PID 2944 wrote to memory of 3008	2944	37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.bat
  2⤵
  PID:3008

C:\Users\Admin\AppData\Local\Temp\37981c8d306d09dbe89a20efab549d0e_JaffaCakes118.bat

Filesize
220B

MD5
2a904bc46feed7711da02c8fa960338d

SHA1
45c5fce6a4ee9c3e0844e33671979b00d0860d5a

SHA256
264ed416b5af7c44b3e05b67c8a711bfd5eda6adaf7bf85814d21568f89fd084

SHA512
c19b523f5fe34c210f910e903f7d38d916c18f80269d1f9df457813cd63d8029719bd84e993e6ec647977acd1f5c805824f7c6515112689ac70538d159ec0ba3

Download Submit
memory/2944-2-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download