e3b747c141bf983d2d719bf2c690fc08cb08a96b6154b337559738ab18d3ebe6

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 10:03

Target

6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe
Size

208KB
MD5

6721f6ee0a421482ba8c21ff6ea09571
SHA1

d72111a083637ad387de25d184b4cf649ba76bec
SHA256

e3b747c141bf983d2d719bf2c690fc08cb08a96b6154b337559738ab18d3ebe6
SHA512

743696f76a582f51d12ad05763cf65f6be5c3d159f3fb79510c7167ec802628e5bd9326fca9805c2e5172a7a0fa529f222f1348a9b768cd433b4a0a88c2d1162
SSDEEP

3072:zwzgDD0mXq6sJ+TNwguhdfr02HpPAo6/TDv8Az3HfWIy+d9BMRZ:LgBSNwgcdf9ZAZZ3Hu8dbM

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1540	6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1540	6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 1200	1540	6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe	20
PID 1540 wrote to memory of 1200	1540	6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe	20
PID 1540 wrote to memory of 1200	1540	6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe	20
PID 1540 wrote to memory of 1200	1540	6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe	20
PID 1540 wrote to memory of 1200	1540	6721f6ee0a421482ba8c21ff6ea09571_JaffaCakes118.exe	20

memory/1540-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1540-0-0x00000000003D0000-0x00000000003F3000-memory.dmp

Filesize
140KB

Download
memory/1540-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download