3af60d38a133b1d0cb5e266520516a6df4195b947bb8118dde46a56140e93fe8

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 14:09

Target

5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe
Size

31KB
MD5

5c44d7408b2eaca6581561fa5d7b1a43
SHA1

339208cdb954b4d873fd516006b779a04a386bde
SHA256

3af60d38a133b1d0cb5e266520516a6df4195b947bb8118dde46a56140e93fe8
SHA512

f686071813bd5ecc576469b8673fb176fbe22288e09f2a12e2a73c104c577f866a85f9b46227c49e5e2ccaffe7ccd7ecc7de65cf828dd45900d7899b77197133
SSDEEP

768:Z7h7TzTBziifTeiZSVWihwEknh0L7OTLeNfQfY:xZ/nEkh8OTKNh

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe
972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe
972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe
972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 3456	972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe	56
PID 972 wrote to memory of 3456	972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe	56
PID 972 wrote to memory of 3456	972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe	56
PID 972 wrote to memory of 3456	972	5c44d7408b2eaca6581561fa5d7b1a43_JaffaCakes118.exe	56

memory/972-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/972-1-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/972-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/972-7-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3456-2-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3456-3-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download