022b8ff4a5ce0d8441714dc40f569ea1637bcc518d4c6fde44874464428119f7

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 16:38

Target

3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
Size

291KB
MD5

3e1736569e7e6b8af4ef2695bcecf291
SHA1

a730fc2e102cb0425c2fe3e475e10b3450d966c1
SHA256

022b8ff4a5ce0d8441714dc40f569ea1637bcc518d4c6fde44874464428119f7
SHA512

03b5caeb205ebe55919679213562a30b943394d73c64bb45223bf37f4d8f6c2b28a72a4567519005b520b97efb5bab7c4638f5f8972322a7a421860712c2b75d
SSDEEP

6144:uQccOgOaGX08fw8uG/mxqZ0YCy/eP/wNZfRRmukNhpw+Uc:uLci7kKw8XmydK/g/Rmtw+Uc

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2324	E2B1.tmp

Loads dropped DLL 3 IoCs

pid	Process
2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2324	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	29
PID 2152 wrote to memory of 2324	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	29
PID 2152 wrote to memory of 2324	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	29
PID 2152 wrote to memory of 2324	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	29
PID 2152 wrote to memory of 2832	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	30
PID 2152 wrote to memory of 2832	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	30
PID 2152 wrote to memory of 2832	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	30
PID 2152 wrote to memory of 2832	2152	3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\E2B1.tmp
  C:\Users\Admin\AppData\Local\Temp\E2B1.tmp
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe" --cp "C:\Users\Admin\AppData\Local\Temp\E31F.tmp"
  2⤵
  PID:2832

C:\Users\Admin\AppData\Local\Temp\E31F.tmp

Filesize
291KB

MD5
ab440d023eb5aaa4896b06a02c27c1db

SHA1
f39feecfcdfb2c21587139beb043ef31fbcfc624

SHA256
121d0ed1eef49a3947ea102bf515b0ba393f93cc9d876c4dc5d797b777b685ab

SHA512
a5acd5c789dac196dfc5ad69e85d53c61def2a2fac6c27d51dec4a0770892ad7103436212d8b1ecd52b02a4214812c6540dfd14ab8252ce40c2997a5734dc243

Download Submit
\Users\Admin\AppData\Local\Temp\E2B1.tmp

Filesize
243KB

MD5
042be06245073b2ee3014454e6d6bfb8

SHA1
7807c90496ced5a1a6f04f985f12fbc386c70c33

SHA256
8b1c3f0b5ff6061b63ede6f448aaecb7403e182eadcb6c1acfad37aa8b19b88d

SHA512
86aca1f9d82754386a2a0449f07ed84068deb6a4995f71ad13100ca111f24f03b363aa3363819185e98b54c2408915a7872f8a51d4cf7a91c94319fec353e2ee

Download Submit
memory/2152-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2152-2-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2324-22-0x0000000000400000-0x000000000043F0B0-memory.dmp

Filesize
252KB

Download
memory/2832-18-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download