57523108153d6aa7a439c745ba8bf50f01aa9c40c7867e75e3599e3575dd8199

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 15:56 UTC

Target

86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe
Size

7KB
MD5

86b4544e09d55ab5b001bf15489c0afc
SHA1

3f1de52e278b13379fad5ec8aec7bd5c2caca5c1
SHA256

57523108153d6aa7a439c745ba8bf50f01aa9c40c7867e75e3599e3575dd8199
SHA512

59141da234cdd47cd159a3cd563b640ae1c6c345e16c55cd9fe0cbada4f39e2cc0ea73c6d5fd62243cd555a35cfc522d3aef3535d241e9f705534720e8233928
SSDEEP

96:LkoG6kHWjs8F7TssS61vF5cE2TYlnlYJnLeL0Kff345Clv1r5RXmm68ajF:Lljs8NvS61wV2nlYJLeLTg4zn6T

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2496	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2496	2568	86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe	32
PID 2568 wrote to memory of 2496	2568	86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe	32
PID 2568 wrote to memory of 2496	2568	86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 408
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2496

memory/2496-2-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/2568-0-0x000007FEF648E000-0x000007FEF648F000-memory.dmp

Filesize
4KB

Download
memory/2568-1-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp

Filesize
9.6MB

Download
memory/2568-3-0x000007FEF648E000-0x000007FEF648F000-memory.dmp

Filesize
4KB

Download
memory/2568-4-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp

Filesize
9.6MB

Download