ed2c647c65c948433ec11d523fb0d952c473fe4c6629493f8ad48f057c9ae7cf

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 07:44

Target

6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe
Size

246KB
MD5

6258a38f51717749769d40989abb6d5a
SHA1

926c81134f4f1eeae01bdaf64953654636c5e6b3
SHA256

ed2c647c65c948433ec11d523fb0d952c473fe4c6629493f8ad48f057c9ae7cf
SHA512

04fbff5c0ebb38493295fd7fa54e063fd151ed461da62df288f0fe2ac873b7651fba2207c13a814b1d9ad058bad7de73a7f02ad0ea0a5adcc80fb93164f24977
SSDEEP

6144:3f7YeyUpc3VizWUkzwm4iqTu5jyLfbJSf8/6jVIYf0p:3aUpc3Vplxh5uzbJx3Yfy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 4940	1556	6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe	85
PID 1556 wrote to memory of 4940	1556	6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe	85
PID 1556 wrote to memory of 4940	1556	6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Users\Admin\AppData\Local\Temp\6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\6258a38f51717749769d40989abb6d5a_JaffaCakes118.exe -deleter
  2⤵
  PID:4940

C:\Users\Admin\AppData\Local\Temp\ISPackFiles.ini

Filesize
263B

MD5
31690dcf7728fda48a492e20258813bc

SHA1
3a1375eced6510f77961fe404f039ac2f655ccb3

SHA256
e0954c766dafa0127806b16c7de6f72a28ad1af1a87eddf0ae0179a83a8c107d

SHA512
5fc9096536b253f4313476b55b24003350d4f6d17d7ca430c3e069a318cad793dad13b897c9d0580bb5346e5c908425b7372d888ec00c4e6ca228ace84cf92aa

Download Submit