00521de493a8e794745e410268d554e16bd00a2fb9a5ee88e1eaec4f11e88da9

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 03:08

Target

fb628656d50f0595bd333361d0ac94c0_JaffaCakes118.exe
Size

7KB
MD5

fb628656d50f0595bd333361d0ac94c0
SHA1

e9e6e44797b52f90e5480ab562633353c5a6527f
SHA256

00521de493a8e794745e410268d554e16bd00a2fb9a5ee88e1eaec4f11e88da9
SHA512

a261af95a2517836d17f89a3177a69d1027b511caac79e1a6dfda4c1ce9d9fe84649ec4ceb275a6e9ee8d7f4ff279b99fb9afce382b2b3d8f0043eb6e4e00c06
SSDEEP

96:QgQG6kHWjs8F7TssS61vF5cE2TYlnlYJnLeL0Kff345C0v1r5RXmm6oajF:QZjs8NvS61wV2nlYJLeLTg4En6n

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2584	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2584	2524	fb628656d50f0595bd333361d0ac94c0_JaffaCakes118.exe	31
PID 2524 wrote to memory of 2584	2524	fb628656d50f0595bd333361d0ac94c0_JaffaCakes118.exe	31
PID 2524 wrote to memory of 2584	2524	fb628656d50f0595bd333361d0ac94c0_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\fb628656d50f0595bd333361d0ac94c0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb628656d50f0595bd333361d0ac94c0_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 404
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2584

memory/2524-0-0x000007FEF60AE000-0x000007FEF60AF000-memory.dmp

Filesize
4KB

Download
memory/2524-1-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download
memory/2524-3-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download
memory/2584-2-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download