2135550530f048bbb061e33498c38808213b0a6504b5e317090d9b67844de009

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:14

Target

687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe
Size

755KB
MD5

687af4f35948aaab34f674b1ca5ab150
SHA1

88de84c569823351d6e1ffc21ba6700f0a955d1a
SHA256

2135550530f048bbb061e33498c38808213b0a6504b5e317090d9b67844de009
SHA512

f0a13836c80f3c9d82172aec1109d05c845b7ecaf837d458eb8bb1eb3f005886b91a6ebfefe938b71086c4f7649ddacd1d0f5423d0722dc8998ebe4eac5d7ab9
SSDEEP

12288:aQN20eCofhgVDNuK40ufbN64b6slOJ5B/N2j+aFUnQn53CI2tjyufeKrn:x40eCoJgD8H3T04nARN2H6nQn53lQjyS

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

setup.exe

pid process

1660 setup.exe
Loads dropped DLL 1 IoCs

Processes:

687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe

pid process

1304 687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe

pid	process
1660	setup.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exesetup.exe

pid	process
1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe
1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe
1660	setup.exe
1660	setup.exe
1660	setup.exe
1660	setup.exe
1660	setup.exe
1660	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe

description	pid	process	target process
PID 1304 wrote to memory of 1660	1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe	setup.exe
PID 1304 wrote to memory of 1660	1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe	setup.exe
PID 1304 wrote to memory of 1660	1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe	setup.exe
PID 1304 wrote to memory of 1660	1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe	setup.exe
PID 1304 wrote to memory of 1660	1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe	setup.exe
PID 1304 wrote to memory of 1660	1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe	setup.exe
PID 1304 wrote to memory of 1660	1304	687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe	setup.exe

\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
755KB

MD5
687af4f35948aaab34f674b1ca5ab150

SHA1
88de84c569823351d6e1ffc21ba6700f0a955d1a

SHA256
2135550530f048bbb061e33498c38808213b0a6504b5e317090d9b67844de009

SHA512
f0a13836c80f3c9d82172aec1109d05c845b7ecaf837d458eb8bb1eb3f005886b91a6ebfefe938b71086c4f7649ddacd1d0f5423d0722dc8998ebe4eac5d7ab9

Download Submit
memory/1304-0-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download
memory/1304-4-0x00000000027E0000-0x0000000002A4D000-memory.dmp

Filesize
2.4MB

Download
memory/1304-9-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download
memory/1304-36-0x00000000027E0000-0x0000000002A4D000-memory.dmp

Filesize
2.4MB

Download
memory/1660-10-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download
memory/1660-35-0x0000000000400000-0x000000000066D000-memory.dmp

Filesize
2.4MB

Download