5294994fff9f3a18b3f549e5a7b48dbbdd5dd3fe390e7d71cae87295086d7774

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 23:25

Target

3f49bcf9ae674d5200dd901df573947e_JaffaCakes118.exe
Size

636KB
MD5

3f49bcf9ae674d5200dd901df573947e
SHA1

4406174a667c8735b44aed0ab10ee5dd63b6c7d7
SHA256

5294994fff9f3a18b3f549e5a7b48dbbdd5dd3fe390e7d71cae87295086d7774
SHA512

8308ffb0a41a44f8a6662cdb644489baaf54c05c0cda6700f27249bf557be3010a84f192a913c762643f379f6214f5d066ae11bf674becfe2cd55e32148f8792
SSDEEP

12288:onJe2+q1vpEGQVSDVmUMaDqglapUN75ud6k9QQP+jIFZ:6ei2GSShmUJFEpgducoQQP+jIP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 1852	3544	3f49bcf9ae674d5200dd901df573947e_JaffaCakes118.exe	86
PID 3544 wrote to memory of 1852	3544	3f49bcf9ae674d5200dd901df573947e_JaffaCakes118.exe	86
PID 3544 wrote to memory of 1852	3544	3f49bcf9ae674d5200dd901df573947e_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\3f49bcf9ae674d5200dd901df573947e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f49bcf9ae674d5200dd901df573947e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\SDelinves_1.bat
  2⤵
  PID:1852

C:\Users\Admin\AppData\Local\Temp\SDelinves_1.bat

Filesize
240B

MD5
6df38e79af603aa5a72cce523739eff3

SHA1
ac5360d879e7fa7e5ce6ced9c94d378e4474ffa7

SHA256
8776dc21f2186a9292268f5b6f934368854df306930f0292b8dc3df2e0dffcd7

SHA512
1aacbeda9ebe4ee5262753fba7dcb97ab511dc4c576cd45b76fd94515e5e187e5796aef7bd36cce088d12501782155df9fa83c1d2b48bb6c865bafb83044e787

Download Submit
memory/3544-0-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/3544-3-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download