5b1aab8130a4f550bdca9e56b5c9eb70f38ef0e32785cbde98e358af8cea3da4

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 20:29

Target

3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
Size

24KB
MD5

3ec64c86dad989b8819748459130165b
SHA1

bb0244dd4cdbcfbdbaac39151520ae52279164bb
SHA256

5b1aab8130a4f550bdca9e56b5c9eb70f38ef0e32785cbde98e358af8cea3da4
SHA512

79f6df7dab0d14156fa622b931c6d85fd8ff3c874374e568d7e0a9cdb11db3c69faab179b8f42488fc27a9e4687657d74e7bcc5678365bcb0ac97207b1976fb9
SSDEEP

192:Reh2lAAMaGxJst6DAMzkOrnF4xDA8Hpncj9zHJ+WQ4Ti461oyaZb77oE:R4iC8MtF4xDAykJQ4G461QZv7p

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1296	Googleod.exe

Executes dropped EXE 2 IoCs

pid	Process
3328	Googleod.exe
1296	Googleod.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Mation.inf	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
File created	C:\Windows\Googleod.exe	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
File opened for modification	C:\Windows\Googleod.exe	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	Googleod.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 4104	2248	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	84
PID 2248 wrote to memory of 4104	2248	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	84
PID 2248 wrote to memory of 4104	2248	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	84
PID 4104 wrote to memory of 3328	4104	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	87
PID 4104 wrote to memory of 3328	4104	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	87
PID 4104 wrote to memory of 3328	4104	3ec64c86dad989b8819748459130165b_JaffaCakes118.exe	87
PID 3328 wrote to memory of 1296	3328	Googleod.exe	88
PID 3328 wrote to memory of 1296	3328	Googleod.exe	88
PID 3328 wrote to memory of 1296	3328	Googleod.exe	88

C:\MyTemp

Filesize
84B

MD5
a68d1718a598afa5b22bc22061b6ed22

SHA1
7f798bcffac5356215a993f1d10b5b4b835b4747

SHA256
36747539c24d7b71c0e6f842019030d5d0c8ed082dedc1e8db98484bd1706d42

SHA512
ca2b72020d01277b00153a049d2c0b3362b2f3e962eb58f22b9ea0f03faa74fcddf436535fe4262930e26e23a1358772124bf76e7acd332bff1e0ff0ff5c059f

Download Submit
C:\Windows\Googleod.exe

Filesize
4.8MB

MD5
f9a0ea86efde1675d614a71206ab4db8

SHA1
cade528af7c03e6df196800d8fc35ccc0465908d

SHA256
ba010fcd83254b119dea357e9a61181259972bdbe4c8b355a97d365d5d8c009f

SHA512
84dc53c31c1dec85a4c66fb309301c0a2b8b24317698d4b5725e43a6d9c7d6aa295beb4c7dcdd6452a9714fa9c463ac053fd9734572f99d145aca2a29d5424c6

Download Submit
C:\Windows\Mation.inf

Filesize
13B

MD5
e353e98883820415ad14807b2a97920f

SHA1
e0dd02b23270df333700e6f163cc84ad61e6bbfb

SHA256
d87401fe5397a05eaaa08623b898465764369ae13a9eb2c19f745b534d8750f5

SHA512
f3bcc630c0f7de4e144f9ec7b1dff1de033e56fb923ef5c7c96fdd5c59a1d50d89fc30c371ab569f61028c5fd3fe540a16ecefc0e2c26e5c4c3a15d98ff007c2

Download Submit