31af691708c12e49b84ebb3d2bf9e51e790ae78e277ecc7a7527b5c9ef6348e8

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 16:42

Target

09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe
Size

312KB
MD5

09a983c85fcd93eff141dc458368f9f5
SHA1

8d3f3bea9db38cf793a98642d77f89b07abebef2
SHA256

31af691708c12e49b84ebb3d2bf9e51e790ae78e277ecc7a7527b5c9ef6348e8
SHA512

8ac58ce9612ca78daaef326977589cceb50dc7540ff21c88706b5f06bb079ff3b7ed613a1f967ab7ec09cf10bb14cc639fd8f798cb28b6894975ab6a4506ad38
SSDEEP

6144:ATcHIKDss8DWBaGi8Dk8CNe/QebY1vW1SR:poKDz8asiDZbIe0/R

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 232 set thread context of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe
4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe
4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe
4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81
PID 232 wrote to memory of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81
PID 232 wrote to memory of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81
PID 232 wrote to memory of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81
PID 232 wrote to memory of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81
PID 232 wrote to memory of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81
PID 232 wrote to memory of 4780	232	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	81
PID 4780 wrote to memory of 3520	4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	56
PID 4780 wrote to memory of 3520	4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	56
PID 4780 wrote to memory of 3520	4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	56
PID 4780 wrote to memory of 3520	4780	09a983c85fcd93eff141dc458368f9f5_JaffaCakes118.exe	56

memory/232-7-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/232-0-0x0000000000401000-0x0000000000403000-memory.dmp

Filesize
8KB

Download
memory/232-2-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/232-3-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/232-5-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/232-8-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/232-11-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/232-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/3520-16-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/3520-15-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/4780-14-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4780-13-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4780-9-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4780-19-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download