8368f9b82d2fe4f7aafed62f5eb0b6994c796859707c8960e9dd59b7d090ab34

Analysis

max time kernel
139s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 13:01

Target

67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe
Size

173KB
MD5

67b1a678179956ee4076f44d39ecad89
SHA1

fe5a10c425a29082a1be634167206d5df04fcff5
SHA256

8368f9b82d2fe4f7aafed62f5eb0b6994c796859707c8960e9dd59b7d090ab34
SHA512

72f03ad92e49b9219c66eba683fd24b4aad0f4f41d98aafad81394e836564265580d6d6a0e2d50e73c428b06ff7146b57c8582d9f45a0620b4db61db5c8884c4
SSDEEP

3072:2ZLJXj0tMsWKyRwBa2e7H1lglxwF6JJmUykG8Nj38h7jWUfTMqqDhk+snT5IBI:cdXj0HazwwFlUykMqUfgqqDhpG

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
4824	67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe
4824	67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ro.dll	67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro.dll	67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 3924	4824	67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe	87
PID 4824 wrote to memory of 3924	4824	67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe	87
PID 4824 wrote to memory of 3924	4824	67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  PID:3924

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
228B

MD5
851ffa4fb537aa40575a4eb474ee085a

SHA1
70ea6f2bbb3d82083e3886fe057431048e32ec56

SHA256
63cb229b62d3d10822b071aa8a8264e3a310ec07d5f3577260f33ec5632eb99a

SHA512
0a77874b01bed87f010f3b7b3562f6676bd77519bb03d038cc57f5f7fe70b274289414dd514a600a40fcddc2dfcf3b6e408d5a6e08adddc6e7e2a5bace19af1c

Download Submit
C:\Windows\SysWOW64\ro.dll

Filesize
126KB

MD5
50e20286e703a00fe83913424ea003c5

SHA1
0a73a655020469656248d6246694a8936db3f926

SHA256
e1cbfb839289ec19e643c8093aeb253c96ba9d1ece47adf69cc7c06410640acf

SHA512
5bcb07665a47d441ab61e764e0b7b732b448f983cc4a6972b51decb75e8bf9c3f90cdc70e1e78e04edc0a151a0d645ffd95ac5bdaf4dc5b497f570be271b1851

Download Submit
memory/4824-5-0x00000000025E0000-0x0000000002605000-memory.dmp

Filesize
148KB

Download
memory/4824-9-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download