068b7a211188318911ebb6cb532205dc1e07c10c21a22d0c40cf37521bc9999d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 19:41

Target

47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe
Size

755KB
MD5

47b8eb26724a8352ed02de407616a97d
SHA1

9866427a380258c6a312091823e182f20fa5236f
SHA256

068b7a211188318911ebb6cb532205dc1e07c10c21a22d0c40cf37521bc9999d
SHA512

fa723d6b888a86fd59070c0701925849854c68fa2783c22c553087e14eeb3118f1a2121c2692f149e8b3fcfc3146e833138bc335b6108e502a9affab4461f8de
SSDEEP

12288:vNhBJitWYoOOIpkYQJsYwA8/BLDjoFrxzebIz+WxxBVDGYP3IfB:jBgcY8DlBODUzzEIdxxjDdP4fB

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1380	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1380	2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe	28
PID 2128 wrote to memory of 1380	2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe	28
PID 2128 wrote to memory of 1380	2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe	28
PID 2128 wrote to memory of 1380	2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe	28
PID 2128 wrote to memory of 1380	2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe	28
PID 2128 wrote to memory of 1380	2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe	28
PID 2128 wrote to memory of 1380	2128	47b8eb26724a8352ed02de407616a97d_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
755KB

MD5
47b8eb26724a8352ed02de407616a97d

SHA1
9866427a380258c6a312091823e182f20fa5236f

SHA256
068b7a211188318911ebb6cb532205dc1e07c10c21a22d0c40cf37521bc9999d

SHA512
fa723d6b888a86fd59070c0701925849854c68fa2783c22c553087e14eeb3118f1a2121c2692f149e8b3fcfc3146e833138bc335b6108e502a9affab4461f8de

Download Submit
memory/1380-10-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download
memory/1380-36-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download
memory/2128-0-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download
memory/2128-4-0x00000000026D0000-0x000000000293D000-memory.dmp

Filesize
2.4MB

Download
memory/2128-9-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download
memory/2128-37-0x00000000026D0000-0x000000000293D000-memory.dmp

Filesize
2.4MB

Download