83c169d9301775f05d9a54f595c67de455f0c7082498407d160df1256a68ca3c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 16:40

Target

86d7795dccd8abba10a8e39b788b9209_JaffaCakes118.exe
Size

978KB
MD5

86d7795dccd8abba10a8e39b788b9209
SHA1

70ffcd3ec166e0b61246e7aac45b923039e56c0c
SHA256

83c169d9301775f05d9a54f595c67de455f0c7082498407d160df1256a68ca3c
SHA512

23130e9d29e4030af53554edc86ff1e0e98527cb28f64d70fcadcd2a3abd58df21819ad360ee756cb3ee253acd48269603540149af34c3be8cecfba5fe275f81
SSDEEP

24576:IeTV5nOiJ37zQpvLCpbnYrm5QLDp1f0lkJtVxa/ju67kH/6sT:tb37B1YrWQLdZ0lctVg/jT4RT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2864	2208	86d7795dccd8abba10a8e39b788b9209_JaffaCakes118.exe	30
PID 2208 wrote to memory of 2864	2208	86d7795dccd8abba10a8e39b788b9209_JaffaCakes118.exe	30
PID 2208 wrote to memory of 2864	2208	86d7795dccd8abba10a8e39b788b9209_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\86d7795dccd8abba10a8e39b788b9209_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\86d7795dccd8abba10a8e39b788b9209_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 400
  2⤵
  PID:2864

memory/2208-0-0x000007FEF5ADE000-0x000007FEF5ADF000-memory.dmp

Filesize
4KB

Download
memory/2208-1-0x000000001B0F0000-0x000000001B223000-memory.dmp

Filesize
1.2MB

Download
memory/2208-2-0x000007FEF5820000-0x000007FEF61BD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-3-0x000007FEF5820000-0x000007FEF61BD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-5-0x000007FEF5820000-0x000007FEF61BD000-memory.dmp

Filesize
9.6MB

Download
memory/2864-4-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download