4cea7bd2a825a7154a645703772dd41e550c5db6e2f3692221efaa6ef8de9fc5

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 13:50

Target

ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe
Size

169KB
MD5

ed91b7b93d47a0d89ea3b2feda1f37ea
SHA1

e5c39bc7ebeb05bad870ba62571bae7f84d5bc8b
SHA256

4cea7bd2a825a7154a645703772dd41e550c5db6e2f3692221efaa6ef8de9fc5
SHA512

d8c3354e7ffa7933694d841070b7a548498f9dd46a70669ae56b03ead12b0c9897c40780fa29c919eb4c222db686c97867726bfe7366c8e1412fcf5c30719bb1
SSDEEP

3072:81LPzZdJEPHiQWkaTHBietI4kOe7V4OE1LiOl8g3Sg8Pc96:8Vz3JuHXoBjttkOe7VRE1LiHq16c96

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2400 set thread context of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28
PID 2400 wrote to memory of 2028	2400	ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\ed91b7b93d47a0d89ea3b2feda1f37ea_JaffaCakes118.exe
  2⤵
  PID:2028

C:\ProgramData\jI82l\PCGWIN32.LI5

Filesize
2KB

MD5
96cb7b9347f82891cf0838c78269722d

SHA1
ddb8f1fef7c70b7d949936bc6154dbff197e9299

SHA256
307395f7e672aed7b1556ad4f6a396bc7b48d4e43238c5b008d481e4a367fb16

SHA512
2e4bd8f0c2054e2b19179c924bcf4fe4b1445fca03494ac78a26746b39eb46cf433005a8f5128f9f8bbe5af6c61d3f1a6bcd820f4c1a6f2d8e137c38dd8b163b

Download Submit
memory/2028-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2028-15-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2028-16-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2028-18-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2028-19-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2028-20-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2400-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2400-1-0x0000000000250000-0x0000000000266000-memory.dmp

Filesize
88KB

Download
memory/2400-11-0x00000000024C0000-0x000000000251A000-memory.dmp

Filesize
360KB

Download
memory/2400-17-0x0000000000250000-0x0000000000266000-memory.dmp

Filesize
88KB

Download
memory/2400-14-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download