450c301ee7260a04466308ec8ca0978b03cc4451e01d99cc49c84270dde736d2

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 13:51

Target

af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe
Size

54KB
MD5

af7b6226c0356527158698c13f3426f5
SHA1

af4879bf1301b69d72ce27c2dcacd66d073433db
SHA256

450c301ee7260a04466308ec8ca0978b03cc4451e01d99cc49c84270dde736d2
SHA512

650ca83fc98cda40db0b71cf1a3052ce0499f633c35ad1fa2e6fdda4c8846e3cce8a7de3f25a874a185a747740a54f98ba8588cd0cbacde7c7b95aa9046b0fca
SSDEEP

768:anF0Gpt5rkHFi95rfpWELBRNNbI+wpIwNQPExYQmvO7uD0XYPQPk6gc1:149tBRfILWwCP1QOON2vc1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2012	1768	af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe	30
PID 1768 wrote to memory of 2012	1768	af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe	30
PID 1768 wrote to memory of 2012	1768	af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Users\Admin\AppData\Local\Temp\af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\af7b6226c0356527158698c13f3426f5_JaffaCakes118.exe
  2⤵
  PID:2012

memory/1768-0-0x000007FEF5EEE000-0x000007FEF5EEF000-memory.dmp

Filesize
4KB

Download
memory/1768-1-0x000007FEF5C30000-0x000007FEF65CD000-memory.dmp

Filesize
9.6MB

Download