408be8e41e2ad84500ba79977d7b0d67aa487e4058f35e34be6596652d8c85ec

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 17:14

Target

c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe
Size

443KB
MD5

c1344f80eea80403b15253331e8e60ba
SHA1

f323a984d23852a32db7a3991aeb163f9fbee2a1
SHA256

408be8e41e2ad84500ba79977d7b0d67aa487e4058f35e34be6596652d8c85ec
SHA512

404ee9a402d22337c9608c9b3f52b79b6292cab15febe4ccae1c6848f8d1370df39d4ad5fc873670fa85207b9de3a79727dc5e9ef763d9efb2ea4a1b693a60e7
SSDEEP

6144:kkPEgumWXjw9MwtoNas1Yu0KsBGgL6cD3W3Ij0ZssvipzGu1ZVvYrNFfRM5k0j+I:Qjpw8as1YXHb3IIj8zv4Zufwk0j+AYiB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1832	1488	c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe	29
PID 1488 wrote to memory of 1832	1488	c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe	29
PID 1488 wrote to memory of 1832	1488	c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Users\Admin\AppData\Local\Temp\c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\c1344f80eea80403b15253331e8e60ba_JaffaCakes118.exe
  2⤵
  PID:1832

memory/1488-0-0x000007FEF594E000-0x000007FEF594F000-memory.dmp

Filesize
4KB

Download
memory/1488-1-0x000007FEF5690000-0x000007FEF602D000-memory.dmp

Filesize
9.6MB

Download
memory/1488-2-0x000007FEF5690000-0x000007FEF602D000-memory.dmp

Filesize
9.6MB

Download
memory/1488-3-0x000007FEF5690000-0x000007FEF602D000-memory.dmp

Filesize
9.6MB

Download