51c52d13a6d9fd54dcb2ca4ffd3cc7cfdacc3dce025b2b8204c183acfe3be21e

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 17:56

Target

09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe
Size

272KB
MD5

09fae696f96a6c61cd2a3c545d22fd40
SHA1

8a9dda02bb6ff0f969583d7db3be56e7d5be1859
SHA256

51c52d13a6d9fd54dcb2ca4ffd3cc7cfdacc3dce025b2b8204c183acfe3be21e
SHA512

943ea1f31148dfe492dac2c63e3347b2e37cd9450d04701eaf3a7e45ee1386ed2a53f15becf9600da3dbe2df61353480205cd6cd058ba797c52e56e509d0a86f
SSDEEP

6144:sWjQxhvNN+Q7hFIPcmdLs/BV2oBjneDO6j4mNCZ1E0+qSnFNLrMsgu:sWjCFNNv9FIdtsn2GyDy6823x

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1148 set thread context of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29
PID 1148 wrote to memory of 2848	1148	09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Users\Admin\AppData\Local\Temp\09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\09fae696f96a6c61cd2a3c545d22fd40_JaffaCakes118.exe
  2⤵
  PID:2848

memory/1148-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1148-27-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2848-8-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download
memory/2848-21-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download
memory/2848-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2848-19-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download
memory/2848-17-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download
memory/2848-14-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download
memory/2848-11-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download
memory/2848-9-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download
memory/2848-7-0x0000000053140000-0x0000000053185000-memory.dmp

Filesize
276KB

Download