c91d138cde5d9f47f607a31c7054362fd10959c500545d356b41c285a2767602

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 06:59

Target

3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe
Size

532KB
MD5

3821dc74c355ae21b54a76447bef56c8
SHA1

27a252a6296d6714e546e8da0c6d127d32d5526e
SHA256

c91d138cde5d9f47f607a31c7054362fd10959c500545d356b41c285a2767602
SHA512

c26c45d0a0167cdb6aefcace2a96dfd600544beee16f259964996cd9d65d3f4312cfca553fba0b2e3d07bbbaf537c4d97b980161359b90793499aeed25430f1d
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8a+rHIjtD4ESPE0X:qKeyxTAJj7P+yWaEA5VSs0X

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2772	ykobwixfrxos.exe

Loads dropped DLL 1 IoCs

pid	Process
2396	3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\yocjdgvq\ykobwixfrxos.exe	3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2772	2396	3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe	30
PID 2396 wrote to memory of 2772	2396	3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe	30
PID 2396 wrote to memory of 2772	2396	3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe	30
PID 2396 wrote to memory of 2772	2396	3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3821dc74c355ae21b54a76447bef56c8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files (x86)\yocjdgvq\ykobwixfrxos.exe
  "C:\Program Files (x86)\yocjdgvq\ykobwixfrxos.exe"
  2⤵
  - Executes dropped EXE
  PID:2772

\Program Files (x86)\yocjdgvq\ykobwixfrxos.exe

Filesize
540KB

MD5
47474e90f82a1b5078b30140c99c2188

SHA1
9aa3929931b0a5ff133d0bbcb7366aa9465efac1

SHA256
ce49427c564bd7e49349efb7aad0b2144f2bb630e516c5735b5cdd66d6360f33

SHA512
27d2e6763d0fbc698833ee0cce626ebe1ec36b597805da402768a170fba42556268a46513b86314748b320f49e3cd94765895e84e7988d202c1f1382e6b6f510

Download Submit
memory/2396-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2396-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2396-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2396-11-0x0000000000280000-0x0000000000314000-memory.dmp

Filesize
592KB

Download
memory/2772-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2772-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2772-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download