cd09f99ba28fd70e44de5dbc2445a4dca47542cef950c37c87561bc938327f56

Analysis

max time kernel
92s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 12:35

Target

6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe
Size

24KB
MD5

6097ee7b9762c7c8637239ffb5c97939
SHA1

5031c6b62e703702b70855c633222d5672fc6fab
SHA256

cd09f99ba28fd70e44de5dbc2445a4dca47542cef950c37c87561bc938327f56
SHA512

5dafc5ce0e650077ee71b8f1ec06b164c0aba43a9021f971d3c69726e9d844e2ed22acd860e5c7d92a652b92bb29b24dc741b7f7b3dc3a0471115a0410fde55a
SSDEEP

192:RD2lgA33vkGxMstsJK9B+K5Ci6NhPlcj9zHJ2WQ4Ti461oyaDb8zg:RDJbKN5CZIZQ4G461QDAE

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3408	Googlepi.exe

Executes dropped EXE 2 IoCs

pid	Process
4164	Googlepi.exe
3408	Googlepi.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Mation.inf	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe
File created	C:\Windows\Googlepi.exe	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe
File opened for modification	C:\Windows\Googlepi.exe	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe
File created	C:\Windows\Debugs.inf	Googlepi.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 1388	2824	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe	84
PID 2824 wrote to memory of 1388	2824	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe	84
PID 2824 wrote to memory of 1388	2824	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe	84
PID 1388 wrote to memory of 4164	1388	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe	88
PID 1388 wrote to memory of 4164	1388	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe	88
PID 1388 wrote to memory of 4164	1388	6097ee7b9762c7c8637239ffb5c97939_JaffaCakes118.exe	88
PID 4164 wrote to memory of 3408	4164	Googlepi.exe	89
PID 4164 wrote to memory of 3408	4164	Googlepi.exe	89
PID 4164 wrote to memory of 3408	4164	Googlepi.exe	89

C:\MyTemp

Filesize
84B

MD5
7f96448b40ce3d94a95634e6e99c2e8f

SHA1
3ab653cfcab05920df67d28e294d9feb2912a128

SHA256
bde371b31d77b400648ae9f804c1d426f1249282b589ba7c5723f11345887ff0

SHA512
4bbb78b1a2892a67592fb3fb2b631aeae9dd20d4037444e481c48ba2616327b9f9a5c602302da65c96edd0dee4afdfa5579ed143f30ce72289d3c1f07d37f1a4

Download Submit
C:\Windows\Googlepi.exe

Filesize
24.1MB

MD5
db57ee82835ba18e1477680d7d319819

SHA1
a91fc491c9fe2a6cdfa536a16f81cbdae51969f0

SHA256
6310ed37eabd1fbc2f31d60c582abf1ee6efe9eadc004105c9c5ce8bca14b874

SHA512
50189220c70458b65383be56c7ba01ff76f06cc6ea262591832dac76632e5bd2aa047ab6fb8e4cdcef28001326e9cdf2f616da783616f3213ef63654c1044467

Download Submit
C:\Windows\Mation.inf

Filesize
13B

MD5
e353e98883820415ad14807b2a97920f

SHA1
e0dd02b23270df333700e6f163cc84ad61e6bbfb

SHA256
d87401fe5397a05eaaa08623b898465764369ae13a9eb2c19f745b534d8750f5

SHA512
f3bcc630c0f7de4e144f9ec7b1dff1de033e56fb923ef5c7c96fdd5c59a1d50d89fc30c371ab569f61028c5fd3fe540a16ecefc0e2c26e5c4c3a15d98ff007c2

Download Submit