b1071193e2068bba87eeed70388d3fb822de9f055de2fa3d1ce7dbff7e80829a

Analysis

max time kernel
102s
max time network
107s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 11:46

Target

3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe
Size

28KB
MD5

3d3eacbcb8ddd3a14cd05f563e608646
SHA1

257e60a5c9dbf45bbfde2ac682568766845e903f
SHA256

b1071193e2068bba87eeed70388d3fb822de9f055de2fa3d1ce7dbff7e80829a
SHA512

3aea38b37c2a11929a8ed358cfed1074864d1809ff9ff227447c509484c38a5ec3f523805a86c69184872edc4f1e731c0255ed86d242086f2e4cf424bd83bf8d
SSDEEP

192:9zlap1TvTqJlW/ZFCAxPZBJvI5wyf3LsQ8IPdraTNWHf1DraW9zHJq2BD7rP1oym:9z03nqJlkZ8QDCLpPMWf1aWe2BD/1o26

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1844	note64.exe

Executes dropped EXE 2 IoCs

pid	Process
2080	note64.exe
1844	note64.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\loaddk.inf	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe
File created	C:\Windows\note64.exe	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe
File opened for modification	C:\Windows\note64.exe	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe
File created	C:\Windows\loaddk.inf	note64.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1848	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe
2152	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe
2080	note64.exe
1844	note64.exe
1844	note64.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2152	1848	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	31
PID 1848 wrote to memory of 2152	1848	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	31
PID 1848 wrote to memory of 2152	1848	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	31
PID 1848 wrote to memory of 2152	1848	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	31
PID 2152 wrote to memory of 2080	2152	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	33
PID 2152 wrote to memory of 2080	2152	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	33
PID 2152 wrote to memory of 2080	2152	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	33
PID 2152 wrote to memory of 2080	2152	3d3eacbcb8ddd3a14cd05f563e608646_JaffaCakes118.exe	33
PID 2080 wrote to memory of 1844	2080	note64.exe	35
PID 2080 wrote to memory of 1844	2080	note64.exe	35
PID 2080 wrote to memory of 1844	2080	note64.exe	35
PID 2080 wrote to memory of 1844	2080	note64.exe	35

C:\DkTemp

Filesize
84B

MD5
7e530db4f5deed16bc6b4587db5d2c39

SHA1
a34f0553c31c28206638a7e4832b2824a7da7996

SHA256
7c2b8a516b7a006bd4df2d658c5e9ec8356805f7f329166b5c49c5e8389e345d

SHA512
cf14575c9b706f9e1f33bfbc806a08c88f96e1abadfd66ee2a159fb3986b2aa4d8d53b16d79a92e5285bc272309baf879c4654a4e8df08a7c11f6a2b5ae6d68f

Download Submit