1c7aa56525a0d58a05b4262004972b780e2ed8a5cb7cbd80ad172e5d096b502b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:29

Target

eaac3d3454a700db4492ec0b263fb3f5_JaffaCakes118.exe
Size

108KB
MD5

eaac3d3454a700db4492ec0b263fb3f5
SHA1

6de16004d38dd8ae1718e1e30c014e99b997a7f7
SHA256

1c7aa56525a0d58a05b4262004972b780e2ed8a5cb7cbd80ad172e5d096b502b
SHA512

bf22aed53b45aa64fda89bc3f69c64bd1846b38f4d0d28ed37047c09f9b779434e9530def1fffc0f4ce16f1543fa3415b311fa255a4c23b281c5a9f226e3679d
SSDEEP

768:+NZA49tiuvKq/ORIy3QVKrbmh9jODxJdX8l5OEXUFn:MZYuvKquIygVVkDDdMFX4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2748	2268	eaac3d3454a700db4492ec0b263fb3f5_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2748	2268	eaac3d3454a700db4492ec0b263fb3f5_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2748	2268	eaac3d3454a700db4492ec0b263fb3f5_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\eaac3d3454a700db4492ec0b263fb3f5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eaac3d3454a700db4492ec0b263fb3f5_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 480
  2⤵
  PID:2748

memory/2268-0-0x000007FEF61BE000-0x000007FEF61BF000-memory.dmp

Filesize
4KB

Download
memory/2268-1-0x000007FEF5F00000-0x000007FEF689D000-memory.dmp

Filesize
9.6MB

Download
memory/2268-2-0x000007FEF5F00000-0x000007FEF689D000-memory.dmp

Filesize
9.6MB

Download
memory/2268-3-0x000007FEF5F00000-0x000007FEF689D000-memory.dmp

Filesize
9.6MB

Download
memory/2268-5-0x000007FEF5F00000-0x000007FEF689D000-memory.dmp

Filesize
9.6MB

Download
memory/2748-4-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download