f0d76234121ad8ed5d0709ec2050611ac398a1b4bf56ddc2cd29a50d1635003e

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 04:06

Target

402197168063062035222fe7e473b599_JaffaCakes118.exe
Size

291KB
MD5

402197168063062035222fe7e473b599
SHA1

0de7b3b4dd2e2cf38271f595939e2c37fb189682
SHA256

f0d76234121ad8ed5d0709ec2050611ac398a1b4bf56ddc2cd29a50d1635003e
SHA512

5624e09cf7babd0f8db89ac4198189113c598f6b1a05da997d2d882ca5f0c03dbf9ee9990cce83fb5660da5aa55fd5ed2e32cfd2405191596450d67a204adf50
SSDEEP

6144:SQccOg314YK5N1T5/N4shwwbRge2ED8w+5sGk2Z/DgBi:SLcL1MN1lisy7e2EKjk2Z/EBi

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2096	DF57.tmp

Loads dropped DLL 3 IoCs

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2384	402197168063062035222fe7e473b599_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2096	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	31
PID 2384 wrote to memory of 2096	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	31
PID 2384 wrote to memory of 2096	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	31
PID 2384 wrote to memory of 2096	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	31
PID 2384 wrote to memory of 1980	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	32
PID 2384 wrote to memory of 1980	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	32
PID 2384 wrote to memory of 1980	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	32
PID 2384 wrote to memory of 1980	2384	402197168063062035222fe7e473b599_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\402197168063062035222fe7e473b599_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\402197168063062035222fe7e473b599_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\DF57.tmp
  C:\Users\Admin\AppData\Local\Temp\DF57.tmp
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Users\Admin\AppData\Local\Temp\402197168063062035222fe7e473b599_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\402197168063062035222fe7e473b599_JaffaCakes118.exe" --cp "C:\Users\Admin\AppData\Local\Temp\DF77.tmp"
  2⤵
  PID:1980

C:\Users\Admin\AppData\Local\Temp\DF77.tmp

Filesize
291KB

MD5
daf75c89359fc85f9929e6c2c67c3d39

SHA1
024e1786d11db50759b05f438cf1d23380290dd6

SHA256
8e1e7bca290a5b8ec9bc7f84d1ac29455588cb2fe4519deaedabcda34f3e91e8

SHA512
67a49e6e63b628a96acf37c397178c8474fc3d3213a10c2a272cd3a3a946e0874c02b49dc60593fd299ffa32839954fb09b26cf30a117e6b4ed54699576a0f22

Download Submit
\Users\Admin\AppData\Local\Temp\DF57.tmp

Filesize
243KB

MD5
448817bcbcefa5561bda51fc018ef072

SHA1
9ca9223be71564c51cca533a06a5972f95f79680

SHA256
a91d9797a4b1a5394a917a894c96156cb5c61de5ef9b055260354732486406e1

SHA512
4b021c7116e63f4fda174461b4350bb0953735c9560444164d169b62fc28dd8c6f53e399d4e6e2c79b8045e337de022929703387a7d8d7ca2c0334ec2c25edd1

Download Submit
memory/1980-14-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2096-11-0x0000000000400000-0x000000000043F0A0-memory.dmp

Filesize
252KB

Download
memory/2384-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2384-4-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download