52d0aa400d6eb0f89b58f38646ba688d66d43d3242f459ef500ddf7876288335

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 08:32

Target

254a81df0a4b19b8d2a9e573009ce1ef_JaffaCakes118.exe
Size

385KB
MD5

254a81df0a4b19b8d2a9e573009ce1ef
SHA1

e8922dd8597e7db5389eca4b6befe6baacbd2fc4
SHA256

52d0aa400d6eb0f89b58f38646ba688d66d43d3242f459ef500ddf7876288335
SHA512

b4b735269c07c4b34fde450469a4ec072904de8c1a71fa466e5d2fa9f1887f7d6935809f4eb342f562456c64fd87c7e804d86e54bd9e4b51393f9391f998f980
SSDEEP

12288:PMMMMMMMMMMMMMMMrMMMMMMMMMMMMMMMMXnTppc6o7MMMMMMMMMMMMMMVGX3jaA2:PMMMMMMMMMMMMMMMrMMMMMMMMMMMMMMq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

254a81df0a4b19b8d2a9e573009ce1ef_JaffaCakes118.exe

description	pid	process	target process
PID 2180 wrote to memory of 1880	2180	254a81df0a4b19b8d2a9e573009ce1ef_JaffaCakes118.exe	dw20.exe
PID 2180 wrote to memory of 1880	2180	254a81df0a4b19b8d2a9e573009ce1ef_JaffaCakes118.exe	dw20.exe
PID 2180 wrote to memory of 1880	2180	254a81df0a4b19b8d2a9e573009ce1ef_JaffaCakes118.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\254a81df0a4b19b8d2a9e573009ce1ef_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\254a81df0a4b19b8d2a9e573009ce1ef_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 468
2⤵
PID:1880

memory/1880-4-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1880-7-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/2180-0-0x000007FEF5B0E000-0x000007FEF5B0F000-memory.dmp

Filesize
4KB

Download
memory/2180-1-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp

Filesize
9.6MB

Download
memory/2180-2-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp

Filesize
9.6MB

Download
memory/2180-3-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp

Filesize
9.6MB

Download
memory/2180-5-0x000007FEF5B0E000-0x000007FEF5B0F000-memory.dmp

Filesize
4KB

Download
memory/2180-6-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp

Filesize
9.6MB

Download