Analysis
-
max time kernel
117s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
10/08/2024, 15:56 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe
Resource
win7-20240705-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe
Resource
win10v2004-20240802-en
4 signatures
150 seconds
General
-
Target
86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe
-
Size
7KB
-
MD5
86b4544e09d55ab5b001bf15489c0afc
-
SHA1
3f1de52e278b13379fad5ec8aec7bd5c2caca5c1
-
SHA256
57523108153d6aa7a439c745ba8bf50f01aa9c40c7867e75e3599e3575dd8199
-
SHA512
59141da234cdd47cd159a3cd563b640ae1c6c345e16c55cd9fe0cbada4f39e2cc0ea73c6d5fd62243cd555a35cfc522d3aef3535d241e9f705534720e8233928
-
SSDEEP
96:LkoG6kHWjs8F7TssS61vF5cE2TYlnlYJnLeL0Kff345Clv1r5RXmm68ajF:Lljs8NvS61wV2nlYJLeLTg4zn6T
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2496 dw20.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2568 wrote to memory of 2496 2568 86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe 32 PID 2568 wrote to memory of 2496 2568 86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe 32 PID 2568 wrote to memory of 2496 2568 86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\86b4544e09d55ab5b001bf15489c0afc_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2568 -
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 4082⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2496
-