069b5accd2475cb987af5aa9be5742f6862194cf2a9df4141803ab79c3c17e89

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 15:58

Target

46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe
Size

603KB
MD5

46e83a679721d0335b57306d12bd6e62
SHA1

27c13b7c55ad5e979a578be7403e57be9039bc7d
SHA256

069b5accd2475cb987af5aa9be5742f6862194cf2a9df4141803ab79c3c17e89
SHA512

5358a3a268e7bfa35378180ca652401a283fb17dba70f04c78346f940cca01be0a7630e3ed39a7bcac3d4b0bc1d02ec2e5f6a2837323e0623586b5866d873a48
SSDEEP

12288:ydTBVLgwagjI6JmBd96RIYd76rF7RgvZXqyd8By5Ic7M6l:yhBqwJm3CmF7Rgv8BmIc

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1268	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	28
PID 2124 wrote to memory of 1268	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	28
PID 2124 wrote to memory of 1268	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	28
PID 2124 wrote to memory of 1268	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	28
PID 2124 wrote to memory of 2968	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	29
PID 2124 wrote to memory of 2968	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	29
PID 2124 wrote to memory of 2968	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	29
PID 2124 wrote to memory of 2968	2124	46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1268
- C:\Users\Admin\AppData\Local\Temp\46e83a679721d0335b57306d12bd6e62_JaffaCakes118.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2968

memory/1268-5-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/1268-6-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/1268-9-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/1268-11-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/2124-0-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/2124-1-0x000000000046C000-0x000000000046E000-memory.dmp

Filesize
8KB

Download
memory/2124-2-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/2124-4-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/2968-7-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/2968-8-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/2968-12-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download