fde038561cd0b1517ca8e97c377627ab793b4f8e7487f01e67a24f63538acd85

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 05:21

Target

40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe
Size

305KB
MD5

40586b6fd4ab4c8c8d9087851df178f1
SHA1

82c64b57eecb7febc63fdf9de2ad76aaa640aea4
SHA256

fde038561cd0b1517ca8e97c377627ab793b4f8e7487f01e67a24f63538acd85
SHA512

cff3ccc750adb58cc091627d16e13f2c0e5b3bc1bf01c862870d2dd9eae469ea546f16149926f0f354e61831be8c909593131946a3a47d4d3d04bc1b95bec98b
SSDEEP

6144:1RToWXjdy2JQgGsXJs4SknMvIl0qO3Xht8zGZWVMeA:1RMWkmQDsXJhSQMvI7O3xtzWVY

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2824	9F3C.tmp

Loads dropped DLL 3 IoCs

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2824	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	30
PID 3044 wrote to memory of 2824	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	30
PID 3044 wrote to memory of 2824	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	30
PID 3044 wrote to memory of 2824	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	30
PID 3044 wrote to memory of 2796	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	31
PID 3044 wrote to memory of 2796	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	31
PID 3044 wrote to memory of 2796	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	31
PID 3044 wrote to memory of 2796	3044	40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\9F3C.tmp
  C:\Users\Admin\AppData\Local\Temp\9F3C.tmp
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Users\Admin\AppData\Local\Temp\40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\40586b6fd4ab4c8c8d9087851df178f1_JaffaCakes118.exe" --cp "C:\Users\Admin\AppData\Local\Temp\9F4C.tmp"
  2⤵
  PID:2796

C:\Users\Admin\AppData\Local\Temp\9F3C.tmp

Filesize
252KB

MD5
bb3f142515170293226f6928bd276090

SHA1
8d4eaaf036b7983def636b8777b657f4cc10bd47

SHA256
0976d820648b75d05af898b449f16a400997e9f78cfdb5182602a1145d88df67

SHA512
02032fdd7d2c20ab89a015a36de1173378769181b519dd8b2f8df19c578e1d8bec557535efc0b5b8e50cfc9521218c18eeef038cf2e3a256182498a68e57ddfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\9F4C.tmp

Filesize
305KB

MD5
775b96684d02f6c71421c19041c68c5e

SHA1
44a4e51ef4d17fba0f197d83cf2d1b8153c00d96

SHA256
1d94ebbcb7e843fbaf83f8e54ba8ff45bc290b626fbc1b867c0d4bdd9ffa8731

SHA512
283fccc94a54700a841afe5fcac4ee8033090cb63b75f00afe871f5d0629bebf45ff3aa1d54c563259757ce7aaa975bbdf834bb03549897d9554c456a1216276

Download Submit
memory/2796-13-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2824-19-0x0000000000400000-0x0000000000441620-memory.dmp

Filesize
261KB

Download
memory/3044-0-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3044-2-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3044-17-0x00000000004A0000-0x00000000004F1000-memory.dmp

Filesize
324KB

Download
memory/3044-20-0x00000000004A0000-0x00000000004F1000-memory.dmp

Filesize
324KB

Download
memory/3044-22-0x00000000004A0000-0x00000000004F1000-memory.dmp

Filesize
324KB

Download