377f54b5859c1bba756d10d71b33072202905e7c3f05a4c44401e69c09af0214

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 08:56

Target

491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe
Size

173KB
MD5

491794d2b8945db440ad930bb39ee041
SHA1

6d12dc683c7ef13d6ce9efd7ab63589599bab98c
SHA256

377f54b5859c1bba756d10d71b33072202905e7c3f05a4c44401e69c09af0214
SHA512

16b9c496671ebc61b0fb6e3f5c452777f59bca9aed3078a81a992d350a8f2748340a2c4877b6bf83d9644e579db45fe853c64ee2ed42b6c3331d814b7ed4886b
SSDEEP

3072:wZLJXj0tMsWKspUgBa2e7H1lglxwF6JJmUykG8Nj38h7j4Uur7MqqDhkssn8IpI:idXj0g1azwwFlUykM0UK4qqDhD

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2500	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2480	491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ro.dll	491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro.dll	491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2500	2480	491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe	31
PID 2480 wrote to memory of 2500	2480	491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe	31
PID 2480 wrote to memory of 2500	2480	491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe	31
PID 2480 wrote to memory of 2500	2480	491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\491794d2b8945db440ad930bb39ee041_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  - Deletes itself
  PID:2500

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
228B

MD5
8ad880ce43ca008edf8e30c32b7fb9a6

SHA1
c3b042402ba0b63e66c387ae93a0f8fc48d05036

SHA256
dcf8bd3f113b89c3cc967171203774ac56a80d9ea2c47fe371ccdcd6bcd78c94

SHA512
9f6c1a38e1491a10c949de4c59a90c19bfe1e772b831c48e2832df4c29aaddd11fabbf756422e5010e5640bd5d21f9fa4589279237184ee0369e3fc92b83467b

Download Submit
\Windows\SysWOW64\ro.dll

Filesize
126KB

MD5
7dfb12c8388e370539f578870e5d14a0

SHA1
278f22ac6ca05a870c8428fdc20ac8532d020222

SHA256
7b8acc3f02d40aae9279ebec9746fd7fbb06c1ca2720123536a4d5d7cb128400

SHA512
3104784b06a7452747fd918203824b50f1779604def41aad8f7377ff0379639b292b021299494b652603bdbbe69bfdbcb6d9e2bf7f47e54d5c8c64fbfa8008b2

Download Submit
memory/2480-3-0x0000000000280000-0x00000000002A5000-memory.dmp

Filesize
148KB

Download
memory/2480-12-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download