d390ad5ed0eca48fd878360de1ead84d2b82f4d40e17f961d59e916a63be5a50

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 01:42

Target

3b8a9d9da8f6e9c526f1ae0d0dee859b_JaffaCakes118.exe
Size

8KB
MD5

3b8a9d9da8f6e9c526f1ae0d0dee859b
SHA1

2a1e3a9399b4e2d8f9462ddadf17b85cf5f9fdc1
SHA256

d390ad5ed0eca48fd878360de1ead84d2b82f4d40e17f961d59e916a63be5a50
SHA512

1f0002e71b54b289de6d8164d0d6021465b58dced564ba912038b22ee6ad702199a67f8e8d5d794428dfd5b3eea83993d52610b796aa2a96c8129127e79cfa7f
SSDEEP

96:5dk491Sp4hJCyV7nS62sQC4o4fOYyTSzm9izZp43Z9N8PJ:zR964bCyV7SM4o4feeEEZpaHUJ

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2816	2212	3b8a9d9da8f6e9c526f1ae0d0dee859b_JaffaCakes118.exe	31
PID 2212 wrote to memory of 2816	2212	3b8a9d9da8f6e9c526f1ae0d0dee859b_JaffaCakes118.exe	31
PID 2212 wrote to memory of 2816	2212	3b8a9d9da8f6e9c526f1ae0d0dee859b_JaffaCakes118.exe	31
PID 2212 wrote to memory of 2816	2212	3b8a9d9da8f6e9c526f1ae0d0dee859b_JaffaCakes118.exe	31
PID 2816 wrote to memory of 2708	2816	cmd.exe	32
PID 2816 wrote to memory of 2708	2816	cmd.exe	32
PID 2816 wrote to memory of 2708	2816	cmd.exe	32
PID 2816 wrote to memory of 2708	2816	cmd.exe	32
PID 2816 wrote to memory of 1836	2816	cmd.exe	33
PID 2816 wrote to memory of 1836	2816	cmd.exe	33
PID 2816 wrote to memory of 1836	2816	cmd.exe	33
PID 2816 wrote to memory of 1836	2816	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\3b8a9d9da8f6e9c526f1ae0d0dee859b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3b8a9d9da8f6e9c526f1ae0d0dee859b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\259455839.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Windows\SysWOW64\net.exe
    net use f: \\192.168.45.3\msi$ MP497cwd /user:msi_kynt
    3⤵
    PID:2708
- - C:\Windows\SysWOW64\net.exe
    net use /persistent:yes
    3⤵
    PID:1836

C:\Users\Admin\AppData\Local\Temp\259455839.bat

Filesize
92B

MD5
1d3bb40079e2ca78f244ea377795797b

SHA1
4a2b870c23c88a3c87cd9a4feb8ebef76a6be838

SHA256
e04cdc4c1c34a7038631bae63cd96f222e9de4400105c804616c95986d8c89be

SHA512
014cd154d03afb1559c53c62bca9cf6e4efb52c3d2bf83fb4ce2eb71b734e41cd2324222f7b65bd09d950ef6d8af828a8bfd539b54b2adbb0d9d17c2ae6203d9

Download Submit
memory/2212-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2212-9-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download