72dbabce6a52d479b3f0918b08ad96a88eccfc3cf3e8e34d9e5eb9d61814eecf

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 10:09

Target

2f3ca47f6c133d1051df2ab054781d4f_JaffaCakes118.exe
Size

31KB
MD5

2f3ca47f6c133d1051df2ab054781d4f
SHA1

56e9e529f9435fe263a92f6d57ae7509e69c463e
SHA256

72dbabce6a52d479b3f0918b08ad96a88eccfc3cf3e8e34d9e5eb9d61814eecf
SHA512

ffbe19e45d939cb48aaecdd4f69e9b023365cfbb62916a99ada3ff815f0c8ac7175c35720f48c36898c6b62c456da915075873167f526865490fd501454b86cf
SSDEEP

768:KSdef6PAs68pfZP04YsubvbtbKxHVCZRSLiDSFDh/aSk1vx3:KSdeiPfJxYfK86GmDh/an3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2176	2512	2f3ca47f6c133d1051df2ab054781d4f_JaffaCakes118.exe	31
PID 2512 wrote to memory of 2176	2512	2f3ca47f6c133d1051df2ab054781d4f_JaffaCakes118.exe	31
PID 2512 wrote to memory of 2176	2512	2f3ca47f6c133d1051df2ab054781d4f_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\2f3ca47f6c133d1051df2ab054781d4f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f3ca47f6c133d1051df2ab054781d4f_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\9C6E.tmp\Product.bat""
  2⤵
  PID:2176

C:\Users\Admin\AppData\Local\Temp\9C6E.tmp\Product.bat

Filesize
1KB

MD5
65a21865225a6777359f3ecb4551f21e

SHA1
51540ab322527e216c36ada803d244eb1333fe8d

SHA256
6b72c3580a4206efcfd94bf1caf1ea9676ec6c40cce1ebe4307fd50064034f83

SHA512
ca852e60b25d5f937324b662d692f74fc994011904826a7e34ab6e96a6942a5d30c2dd537619e3d40102f7d769226c7761335a9aa1a43b882bad41286cb90fd8

Download Submit
memory/2512-0-0x0000000140000000-0x0000000140017000-memory.dmp

Filesize
92KB

Download
memory/2512-10-0x0000000140000000-0x0000000140017000-memory.dmp

Filesize
92KB

Download