e4e18bd999c8c3c8696e0e15fd1fd5dff17c615b003c445ed12aa78594646912

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 08:44

Target

3ee20dd020ef59b03b2298c61e96dd25_JaffaCakes118.exe
Size

85KB
MD5

3ee20dd020ef59b03b2298c61e96dd25
SHA1

b0d8d21360a03ed76d663628a16a781d5f30f576
SHA256

e4e18bd999c8c3c8696e0e15fd1fd5dff17c615b003c445ed12aa78594646912
SHA512

b2c78db990982e3d58d0724df49ad25b1b6d00ef61b89926b2184c7fedbdbc8e602ac442f2069332bbdfa5e272f82ff8e60c3d6df1fee8f5ce880dc06f721eb0
SSDEEP

1536:lV94BRfILWwCP1QOONthxtcQa7Sxkp5xOT2Y:lV9KJwW71Q5pcv+T2Y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2240	2596	3ee20dd020ef59b03b2298c61e96dd25_JaffaCakes118.exe	30
PID 2596 wrote to memory of 2240	2596	3ee20dd020ef59b03b2298c61e96dd25_JaffaCakes118.exe	30
PID 2596 wrote to memory of 2240	2596	3ee20dd020ef59b03b2298c61e96dd25_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3ee20dd020ef59b03b2298c61e96dd25_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ee20dd020ef59b03b2298c61e96dd25_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 384
  2⤵
  PID:2240

memory/2240-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2596-0-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

Filesize
4KB

Download
memory/2596-1-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2596-3-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download