5b1aab8130a4f550bdca9e56b5c9eb70f38ef0e32785cbde98e358af8cea3da4

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 20:29

Target

3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
Size

24KB
MD5

3ec64c86dad989b8819748459130165b
SHA1

bb0244dd4cdbcfbdbaac39151520ae52279164bb
SHA256

5b1aab8130a4f550bdca9e56b5c9eb70f38ef0e32785cbde98e358af8cea3da4
SHA512

79f6df7dab0d14156fa622b931c6d85fd8ff3c874374e568d7e0a9cdb11db3c69faab179b8f42488fc27a9e4687657d74e7bcc5678365bcb0ac97207b1976fb9
SSDEEP

192:Reh2lAAMaGxJst6DAMzkOrnF4xDA8Hpncj9zHJ+WQ4Ti461oyaZb77oE:R4iC8MtF4xDAykJQ4G461QZv7p

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1544	Googlehq.exe

Executes dropped EXE 2 IoCs

pid	Process
2548	Googlehq.exe
1544	Googlehq.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Googlehq.exe	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
File opened for modification	C:\Windows\Googlehq.exe	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	Googlehq.exe
File created	C:\Windows\Debugs.inf	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 2368	464	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	30
PID 464 wrote to memory of 2368	464	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	30
PID 464 wrote to memory of 2368	464	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	30
PID 464 wrote to memory of 2368	464	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	30
PID 2368 wrote to memory of 2548	2368	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2548	2368	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2548	2368	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2548	2368	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	31
PID 2548 wrote to memory of 1544	2548	Googlehq.exe	32
PID 2548 wrote to memory of 1544	2548	Googlehq.exe	32
PID 2548 wrote to memory of 1544	2548	Googlehq.exe	32
PID 2548 wrote to memory of 1544	2548	Googlehq.exe	32

C:\MyTemp

Filesize
84B

MD5
a68d1718a598afa5b22bc22061b6ed22

SHA1
7f798bcffac5356215a993f1d10b5b4b835b4747

SHA256
36747539c24d7b71c0e6f842019030d5d0c8ed082dedc1e8db98484bd1706d42

SHA512
ca2b72020d01277b00153a049d2c0b3362b2f3e962eb58f22b9ea0f03faa74fcddf436535fe4262930e26e23a1358772124bf76e7acd332bff1e0ff0ff5c059f

Download Submit
C:\Windows\Googlehq.exe

Filesize
8.7MB

MD5
3eb8d734833e1d174292e31c46d8ead0

SHA1
e1b9a2d31fdec92def65fcf41574253dd83cc989

SHA256
404081de02542cc3927c29a492315ae06e4517f03e8ee2b47ad8ae27651ed67b

SHA512
c193308c25fbcc51d15a3bce12c3485dd35d9ad056c0af679c11b2b472bc7d4f16a0bc03174642e4c612a7307e1deb53d500c0dfac9ddb8eed94b67e9e24fe70

Download Submit