5c679b303aa10dac8e41dc02ff8ddc5a3c9c372811966f16a861f0d5d8d901da

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 15:12

Target

3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe
Size

300KB
MD5

3de2e0013d7be43ab01b54252f43db15
SHA1

b7fa70ac787a09149278c57d085f71f85be6fdb4
SHA256

5c679b303aa10dac8e41dc02ff8ddc5a3c9c372811966f16a861f0d5d8d901da
SHA512

e81624c9c766091c107ba10a2db4506afbad8b69e393d1bd32e5088d050fcda123a8f08747a44d16fc63f01445d0eff68541dc742741ec07793b2e100c9d0ed1
SSDEEP

6144:YTsZO044WwGObjrDLMmFrSucUfLD92eoV+csKvQcBFTkGKbg4MvLUe:YUOPeHbvDom4ucU/g3Xlk2

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1796	SkypeClient.exe

Loads dropped DLL 2 IoCs

pid	Process
2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe
2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1192	2988	WerFault.exe	29

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1796	SkypeClient.exe
1796	SkypeClient.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 1796	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	30
PID 2988 wrote to memory of 1796	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	30
PID 2988 wrote to memory of 1796	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	30
PID 2988 wrote to memory of 1796	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	30
PID 2988 wrote to memory of 1192	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	31
PID 2988 wrote to memory of 1192	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	31
PID 2988 wrote to memory of 1192	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	31
PID 2988 wrote to memory of 1192	2988	3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3de2e0013d7be43ab01b54252f43db15_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\SkypeClient.exe
  C:\Users\Admin\AppData\Local\Temp\SkypeClient.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 140
  2⤵
  - Program crash
  PID:1192

\Users\Admin\AppData\Local\Temp\SkypeClient.exe

Filesize
80KB

MD5
7c47fb8ef8fbb53027f820d696f5c734

SHA1
c9bff30466eaf77f4c731159b1f43cd5438885c1

SHA256
8d8730bd88b5d9b191d0efc2f24df087059ba05d418c75cb1d7077f7510832c4

SHA512
b85acfe570f6f8a6b2c16257b0027abb0d6b2518a97819830177439fa1d2fe742b1e37d072bbe5415139d8f860c203ae74dc1076de6ae7c1717dead907fdc1a5

Download Submit
memory/2988-5-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2988-4-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download
memory/2988-12-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download
memory/2988-13-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download