8dc4354ab68d2b4f341b194f44e5636321b6ed9cbbf6757efaaa99a90074b2e5

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 19:48

Target

3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe
Size

759KB
MD5

3a7ded8fe0b260f700d816b815a0c0f4
SHA1

d34f6e6f1b232a48d6ee332f04f667bcc5759ec1
SHA256

8dc4354ab68d2b4f341b194f44e5636321b6ed9cbbf6757efaaa99a90074b2e5
SHA512

4944d211c8d4d8861da94ea70cfe8e5d7f04d4d520dc60fba5925a3db916e415db696f9e8e9928f661c9936ef47921a1ff9b38360a22dafe174d270290a60f3c
SSDEEP

12288:1DNJ3YX9ym5kDNGW5AoV/YlkDCZQIDl7bftRvUDOdIk/5gB5yucaTkcT8iBJISI9:t7aym5gGW5Ao5gkYTD9pRvUoIk/BqJIZ

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2708	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2260	Hacker.com.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe
File created	C:\Windows\uninstal.BAT	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2900	2260	WerFault.exe	30

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 2708	2584	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe	32
PID 2584 wrote to memory of 2708	2584	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe	32
PID 2584 wrote to memory of 2708	2584	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe	32
PID 2584 wrote to memory of 2708	2584	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe	32
PID 2584 wrote to memory of 2708	2584	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe	32
PID 2584 wrote to memory of 2708	2584	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe	32
PID 2584 wrote to memory of 2708	2584	3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe	32
PID 2260 wrote to memory of 2328	2260	Hacker.com.cn.exe	31
PID 2260 wrote to memory of 2328	2260	Hacker.com.cn.exe	31
PID 2260 wrote to memory of 2328	2260	Hacker.com.cn.exe	31
PID 2260 wrote to memory of 2328	2260	Hacker.com.cn.exe	31
PID 2260 wrote to memory of 2900	2260	Hacker.com.cn.exe	34
PID 2260 wrote to memory of 2900	2260	Hacker.com.cn.exe	34
PID 2260 wrote to memory of 2900	2260	Hacker.com.cn.exe	34
PID 2260 wrote to memory of 2900	2260	Hacker.com.cn.exe	34

C:\Users\Admin\AppData\Local\Temp\3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3a7ded8fe0b260f700d816b815a0c0f4_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.BAT
  2⤵
  - Deletes itself
  PID:2708

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 288
  2⤵
  - Program crash
  PID:2900

C:\Windows\Hacker.com.cn.exe

Filesize
759KB

MD5
3a7ded8fe0b260f700d816b815a0c0f4

SHA1
d34f6e6f1b232a48d6ee332f04f667bcc5759ec1

SHA256
8dc4354ab68d2b4f341b194f44e5636321b6ed9cbbf6757efaaa99a90074b2e5

SHA512
4944d211c8d4d8861da94ea70cfe8e5d7f04d4d520dc60fba5925a3db916e415db696f9e8e9928f661c9936ef47921a1ff9b38360a22dafe174d270290a60f3c

Download Submit
C:\Windows\uninstal.BAT

Filesize
218B

MD5
65a706f138697509445e954d6db8c614

SHA1
d748aeba94a39f7d6b4ef77f71a25ab57630c9d9

SHA256
412fd0fac9acdc1109472ec392b1a58a73362467164d0e2146c82a5980cdf02d

SHA512
f52fba6951b1697f4775b7e40e5272e00c8b700b5e9931fd21b80c37c13dfb32574d7c72239f551c1ff258bfdc68b273e8eb1e9ea18724136d5f9742facacf4e

Download Submit
memory/2260-13-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2584-11-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download