119e1ae29a70c77020c6b51e4a5b85b9c0198bc38c2c1c1d2b55bb452edc049a

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 15:38

Target

095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe
Size

28KB
MD5

095e6ec386917da713dd533d578e3f47
SHA1

31c83695abe3ff18e49f12aa2af1c995563b46c3
SHA256

119e1ae29a70c77020c6b51e4a5b85b9c0198bc38c2c1c1d2b55bb452edc049a
SHA512

108283d26ad63e40f4179e257e042633d134308ab766b6ea4e4cca2f106abaadb1192f2cfa0a974aa41938eff8de1d3c0f712666e79a8f301f6ca300b4b8f9fe
SSDEEP

384:Fr66BOiIDqYspM7ASRC9fKj9nxWVtDyxF4LwA:Fr66BLaW9gj9nSyX4P

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2020 set thread context of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2064	1272	WerFault.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 2020 wrote to memory of 1272	2020	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	28
PID 1272 wrote to memory of 2064	1272	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	29
PID 1272 wrote to memory of 2064	1272	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	29
PID 1272 wrote to memory of 2064	1272	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	29
PID 1272 wrote to memory of 2064	1272	095e6ec386917da713dd533d578e3f47_JaffaCakes118.exe	29

memory/1272-6-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1272-10-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1272-14-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1272-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1272-11-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1272-4-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1272-2-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1272-15-0x0000000000400000-0x0000000000402200-memory.dmp

Filesize
8KB

Download