8d8374a15e6bf9e8bd01c0cd381957da7909ed4166806fc01aff28d7fde2ee4f

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-08-2024 00:59

Target

c1f69001b97d666c01e4b4ba14cf1aa4_JaffaCakes118.exe
Size

89KB
MD5

c1f69001b97d666c01e4b4ba14cf1aa4
SHA1

29e849c36ac63c51a3e5744371e5b11c49aaef5b
SHA256

8d8374a15e6bf9e8bd01c0cd381957da7909ed4166806fc01aff28d7fde2ee4f
SHA512

62f15276b20ed35102b75c53d2e4a904dda925a358890cb248f27fa60c1b3a4b1af20d864f0acbe2b3e7c01d7e5e2234d43b3a812fad5561e5719f7ae69a5bb9
SSDEEP

1536:0E0vedP+zgwAhMn6ib02QZE2dC8WUKmgI9cRiV9KuzFXJNwAXV:h0KPVwxnotdDJoRGjNDl

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2160	558340.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2160	558340.exe
2160	558340.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2160	1908	c1f69001b97d666c01e4b4ba14cf1aa4_JaffaCakes118.exe	30
PID 1908 wrote to memory of 2160	1908	c1f69001b97d666c01e4b4ba14cf1aa4_JaffaCakes118.exe	30
PID 1908 wrote to memory of 2160	1908	c1f69001b97d666c01e4b4ba14cf1aa4_JaffaCakes118.exe	30
PID 1908 wrote to memory of 2160	1908	c1f69001b97d666c01e4b4ba14cf1aa4_JaffaCakes118.exe	30
PID 2160 wrote to memory of 1192	2160	558340.exe	21
PID 2160 wrote to memory of 1192	2160	558340.exe	21
PID 2160 wrote to memory of 1192	2160	558340.exe	21
PID 2160 wrote to memory of 1192	2160	558340.exe	21
PID 2160 wrote to memory of 1192	2160	558340.exe	21
PID 2160 wrote to memory of 1192	2160	558340.exe	21

C:\Users\Admin\AppData\Local\Temp\558340.exe

Filesize
28KB

MD5
7443cb02e4b3e54c2914d3b94d223131

SHA1
d3f96eff5523a09becbac4d9e5debf619a28161f

SHA256
6ea54fd2ae0807d265058ab2520075813dd13d44c1be6a6259858241dcd76eb7

SHA512
0d77bbe581a47e64272300007c80ecd3c762339a3e3405606cedb60418bf0dc7d1ab625f5f2523188de2a9222f35292802abe7d9f76140ee1ba60486e74c6b56

Download Submit
memory/1192-13-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1192-19-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/1908-0-0x000007FEF5C4E000-0x000007FEF5C4F000-memory.dmp

Filesize
4KB

Download
memory/1908-1-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/1908-2-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/1908-9-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/1908-32-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/2160-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2160-12-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2160-31-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download