123bd7f34e3d137c55792804f2c67f48e90aceeeda41f58f45b5125957e729f0

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 06:28

Target

38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe
Size

1.2MB
MD5

38b944b9f24642872772bbe72045fffa
SHA1

1d6b02f34ffe07f5f709d4b92418bc0b53634b3c
SHA256

123bd7f34e3d137c55792804f2c67f48e90aceeeda41f58f45b5125957e729f0
SHA512

13d6366879e2c21823993fee19d70509e2e0655f9dc7800e878c4d3568ecb489bda9a0416b19b24932670c8c8e21513d3386a6b5abd297aad83bb3cbf054dc72
SSDEEP

24576:00y9G36xN9G36xtMHVL0ehyHlT3ftMEjbP3AnyKteCfbRcR1b4RUP:0035nAKyFDftMeC1Fcsk

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4084 set thread context of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1344	2228	WerFault.exe	83
2224	2228	WerFault.exe	83

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83
PID 4084 wrote to memory of 2228	4084	38b944b9f24642872772bbe72045fffa_JaffaCakes118.exe	83

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2228 -ip 2228
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2228 -ip 2228
1⤵
PID:4732

memory/2228-0-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2228-1-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2228-2-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2228-3-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2228-4-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2228-5-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2228-6-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2228-10-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download