b1baebfc177f5ce9cde2adedb4e52008bd32acd6c6dd254db7d852d80dda4115

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 16:57

Target

39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe
Size

67KB
MD5

39fbab4423362a661aad23f2e7cc3ba1
SHA1

a5eed8064612b89fcc1584ca9bca9450ccf12d1f
SHA256

b1baebfc177f5ce9cde2adedb4e52008bd32acd6c6dd254db7d852d80dda4115
SHA512

7b118af4f9ff7089c810120ef687bb8c47a13ec500c283d271e726e665aac3d0fe988e8d876ba6348cb119c6f0fcb8058691172e0c99452938387dcc56cac9c0
SSDEEP

1536:MhszOPgEwVd1jHyYhwOQsFqEcYWMvd/kt:MhsGFQd1jHVfcgd/kt

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2888	cmd.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\kr_done1	39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2980	39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2888	2980	39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe	31
PID 2980 wrote to memory of 2888	2980	39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe	31
PID 2980 wrote to memory of 2888	2980	39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe	31
PID 2980 wrote to memory of 2888	2980	39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\\uninstf773faf.bat" "C:\Users\Admin\AppData\Local\Temp\39fbab4423362a661aad23f2e7cc3ba1_JaffaCakes118.exe""
  2⤵
  - Deletes itself
  PID:2888

C:\Users\Admin\AppData\Local\Temp\uninstf773faf.bat

Filesize
59B

MD5
2988b921fbed03f9c93c5d538932bbe3

SHA1
4b791b3d59ae76ff091c2cf201b40f5d1b432a3f

SHA256
a1769979622d3d25829be12474ad32ccfdfcac59785dac2fc10ae49c300e4ea3

SHA512
2920c6e9851973371dc238da1ee3c63d41c7820637856ee92c67e9489c1790e3fad287d229440d124e60b978f6819d04b47c40de9034cbd9de422aaafc2b07f9

Download Submit
memory/2980-3-0x0000000000410000-0x0000000000414000-memory.dmp

Filesize
16KB

Download
memory/2980-4-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2980-8-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download