045b95252f2e2325300eb7a303dc7ee9a2405ac62afe397dea8a5f3316407ab9

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 07:22

Target

3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe
Size

615KB
MD5

3e5757d854ac1f4369a4dff45266f475
SHA1

5cfe93d3c7843d241dde12d41f3214a78553a9d9
SHA256

045b95252f2e2325300eb7a303dc7ee9a2405ac62afe397dea8a5f3316407ab9
SHA512

33cfc78915965d0f9758d7670351a1a5fa3949b118963014700d521c19cd861d9c6f9cdf5c91662bafd6d4574f8d03daf9b6a8b6870461f8b26b8d27a3bf7f80
SSDEEP

6144:fmFw2Ny4zWBgdKKwvbky1hMFpdgCqc1s9igPvE3e2xR3Ry+BMCYtpGaCYTCLFwPv:J9BKy+Ga2iz8AMbhOBwP42+qB42oMn

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 1672	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	28
PID 2388 wrote to memory of 1672	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	28
PID 2388 wrote to memory of 1672	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	28
PID 2388 wrote to memory of 1672	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	28
PID 2388 wrote to memory of 2088	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2088	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2088	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2088	2388	3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1672
- C:\Users\Admin\AppData\Local\Temp\3e5757d854ac1f4369a4dff45266f475_JaffaCakes118.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2088

memory/1672-12-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1672-13-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1672-9-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1672-11-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1672-7-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2088-8-0x000000000046C000-0x000000000046F000-memory.dmp

Filesize
12KB

Download
memory/2088-5-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2088-6-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2088-10-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2088-16-0x000000000046C000-0x000000000046F000-memory.dmp

Filesize
12KB

Download
memory/2088-15-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2388-4-0x000000000046C000-0x000000000046F000-memory.dmp

Filesize
12KB

Download
memory/2388-3-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2388-1-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2388-0-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download