2b0574590fc66fb7cc5aa9c10cbbb05003a0f268f4b7858ce0fbc659dfa05d84

Analysis

max time kernel
136s
max time network
135s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 16:49

Target

42879db12b839f46600c06e20e47b663_JaffaCakes118.exe
Size

281KB
MD5

42879db12b839f46600c06e20e47b663
SHA1

7aa3fda5befb459fc89826f82d1e90d79f9f3b6d
SHA256

2b0574590fc66fb7cc5aa9c10cbbb05003a0f268f4b7858ce0fbc659dfa05d84
SHA512

12f6e4974100901ba19c4bcff52a7fa2b53f696f335d0ceeff06f6f41b22f5bf9813b37a4eb4f1115ad0983dd61956aea11c9b1397912f6fe1efb97196987f7d
SSDEEP

3072:gvVteka8+OtAcKlSRz5THoWGxF8AjJkvZniI274Ym17Iy9vu8np2Ai:SVTarW9Q2dMHjWhS4fz9Nphi

Score

10^/10

Credentials

Credentials

Executes dropped EXE 1 IoCs

pid	Process
2504	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
1944	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe
1944	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\8b7533b1\jusched.exe	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe
File created	C:\Program Files (x86)\8b7533b1\8b7533b1	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update23.job	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2504	1944	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe	29
PID 1944 wrote to memory of 2504	1944	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe	29
PID 1944 wrote to memory of 2504	1944	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe	29
PID 1944 wrote to memory of 2504	1944	42879db12b839f46600c06e20e47b663_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\42879db12b839f46600c06e20e47b663_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\42879db12b839f46600c06e20e47b663_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\8b7533b1\jusched.exe
  "C:\Program Files (x86)\8b7533b1\jusched.exe"
  2⤵
  - Executes dropped EXE
  PID:2504

C:\Program Files (x86)\8b7533b1\8b7533b1

Filesize
17B

MD5
209aa6c14d66621f3aa1cee03a8bf5dc

SHA1
0f5bce2a29d3306586934b6d846a172078ee8e66

SHA256
57ef9e3c809cf3ca41782d4c7119c3ae7e43ccbb1c00d978b745677f14b82c2e

SHA512
8b9fb2bcc8e8785a48d3fe212f852c2f108ef2ab20e9e2a61e9bba5857002abe9111e42411bfc573e50c126031b7ef0433bddfa357de2ca0814f7d31157b9c63

Download Submit
\Program Files (x86)\8b7533b1\jusched.exe

Filesize
282KB

MD5
a83e0bd062ac7a046c2300b155e3da00

SHA1
b94910e09646e94952a59d8722af9d31188028de

SHA256
c9cd33575822c3c6b099290661ed170221f3da9edd844ac30896e5bf5a8ab5af

SHA512
6d2937d12f9c5de831decfc4008d60ab790e271df690b1dd1c65a81e086702c1e4deb74620c59e5f81b2485b65423f60611e6a04db14dafca8668e06cc157f3b

Download Submit
memory/1944-0-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/1944-12-0x0000000002450000-0x00000000024A7000-memory.dmp

Filesize
348KB

Download
memory/1944-11-0x0000000002450000-0x00000000024A7000-memory.dmp

Filesize
348KB

Download
memory/1944-13-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2504-15-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2504-16-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download