d514a54a53d6eb6d7f692cf1f7a543e2e04027e5cf72f15dbffd4a93dc4cf893

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 05:40

Target

4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe
Size

176KB
MD5

4d056de74d3d97be903f8332d6847a20
SHA1

3f520c504ae3dbc77cb890f4a2b735d3c91e0653
SHA256

d514a54a53d6eb6d7f692cf1f7a543e2e04027e5cf72f15dbffd4a93dc4cf893
SHA512

5a99d6adb037ba5d266af97bfac3a1ee801824320893b480ad210a0afd87155deaa550bf0151e18a02c89e78cd83df07f51036963d4c58a5bf33f0a44c91001e
SSDEEP

3072:h3pXaaYJHGb4vm1YbRJGiv0jKagDJmKbgemPMMy4Ff7A03OgjsRf:Z8MpWbp0jKa4dbYPMMy4tJRjsR

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
4268	dtdump.exe
4540	dtdump.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 4964	3672	4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe	84
PID 3672 wrote to memory of 4964	3672	4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe	84
PID 3672 wrote to memory of 4964	3672	4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe	84
PID 4964 wrote to memory of 4268	4964	4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe	85
PID 4964 wrote to memory of 4268	4964	4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe	85
PID 4964 wrote to memory of 4268	4964	4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe	85
PID 4268 wrote to memory of 4540	4268	dtdump.exe	86
PID 4268 wrote to memory of 4540	4268	dtdump.exe	86
PID 4268 wrote to memory of 4540	4268	dtdump.exe	86

C:\Users\Admin\AppData\Local\Temp\4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Users\Admin\AppData\Local\Temp\4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe" 2284
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4964
- - C:\Users\Admin\AppData\Local\Temp\dtdump.exe
    "C:\Users\Admin\AppData\Local\Temp\dtdump.exe" {20F2DBC0-6304-414a-8927-B666CAE93347} 5028 "C:\Users\Admin\AppData\Local\Temp\4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\dtdump.exe
      "C:\Users\Admin\AppData\Local\Temp\dtdump.exe" {20F2DBC0-6304-414a-8927-B666CAE93347} 5028 652 "C:\Users\Admin\AppData\Local\Temp\4d056de74d3d97be903f8332d6847a20_JaffaCakes118.exe"
      4⤵
      Executes dropped EXE
      PID:4540

C:\Users\Admin\AppData\Local\Temp\dtdump.exe

Filesize
176KB

MD5
b4ba88a7bfab123162c9fa369d217544

SHA1
6a70d27ed59fe5431902ad68cc67d0c5c9313fb7

SHA256
bca8766036933739f60faff551531cee49dc2f455bc75152038c4d22c2270751

SHA512
a56064957ee65428150a45cb3931f6a2bceaedc7824083ab2271e111ad7ad433d3efb60093fe9c40365bf33438eac564b92ae8894cc4358bb1584470839f0fd0

Download Submit