15b6b844b022b66b26ec5cbdef2baeb3ab8bd218a66c80a2a4d01d2eb608d3bf

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 05:56

Target

237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe
Size

605KB
MD5

237fbb9112a8c308bc6fd04d9041824e
SHA1

dc6aa077bac2dc3910ba8957d57c47d598d6ce02
SHA256

15b6b844b022b66b26ec5cbdef2baeb3ab8bd218a66c80a2a4d01d2eb608d3bf
SHA512

6604c0b6d2ad91bfc98634f5a44e35f55ea074d308c2c859d4b10d48aacca75315341c14bd0c6bece79bd7881e6f837a88262913944076795f28c342da6cd7a1
SSDEEP

12288:IiTAuQK6Y5NkqZF/r4xKLlO1Dtu3Mi5qsOCUQ2PgMI:VAucqZ9cxAlGDtcMi3OttPo

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2380	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	28
PID 2612 wrote to memory of 2380	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	28
PID 2612 wrote to memory of 2380	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	28
PID 2612 wrote to memory of 2380	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	28
PID 2612 wrote to memory of 2340	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	29
PID 2612 wrote to memory of 2340	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	29
PID 2612 wrote to memory of 2340	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	29
PID 2612 wrote to memory of 2340	2612	237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2380
- C:\Users\Admin\AppData\Local\Temp\237fbb9112a8c308bc6fd04d9041824e_JaffaCakes118.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2340

memory/2340-5-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2340-9-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2380-4-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2380-8-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2612-0-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2612-1-0x000000000046C000-0x000000000046E000-memory.dmp

Filesize
8KB

Download
memory/2612-2-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2612-3-0x00000000004A0000-0x000000000053B000-memory.dmp

Filesize
620KB

Download
memory/2612-7-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download