b962ca83c779576d6aeea041f0d450b2f0e8b858ee2e192166f109bf5fdb8e39

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 02:56

Target

f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe
Size

27KB
MD5

f286ef958f1ab68d57a4fd1fe3db932e
SHA1

f22a938563c5d0f076a62a6afce5ce6c7ec704c9
SHA256

b962ca83c779576d6aeea041f0d450b2f0e8b858ee2e192166f109bf5fdb8e39
SHA512

691c82e5a4fbc65dcacf849513aa1bbfa40ebb10ace5c4e017c847f43df4fff0d6f4696966f24cfdbd7752fd9053a4e224bb3ef253326377b20e39ec35b72593
SSDEEP

384:5+VCETo+n3RWr6lYv/szKNflRc2aAZlqfuG92oLNDfim:58CETo+n3Rpmo0NR1aAZNfoLlV

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1732 set thread context of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2668	1732	f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Users\Admin\AppData\Local\Temp\f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\f286ef958f1ab68d57a4fd1fe3db932e_JaffaCakes118.exe"
  2⤵
  PID:2668

memory/2668-3-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2668-5-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2668-7-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2668-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2668-11-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2668-12-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2668-14-0x0000000000400000-0x0000000000401C00-memory.dmp

Filesize
7KB

Download