6b991cd26d06fa3c57d95d60612785a4882a2c44d53e53f38e840987ff3d37d6

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 08:39

Target

0d68c99631ae9fe9a00d976337965fcc_JaffaCakes118.exe
Size

91KB
MD5

0d68c99631ae9fe9a00d976337965fcc
SHA1

bb6eea46d43ce10be6873250f705375dc7b4fe48
SHA256

6b991cd26d06fa3c57d95d60612785a4882a2c44d53e53f38e840987ff3d37d6
SHA512

4ac5c0a971df77e221a612f71b1be50b4f188d9d6bdf89a6b3e4b781d4b2738c75669b875ab3893a4bf5269849ea75ba4e1e9ab6f36012ece89c61083004b265
SSDEEP

1536:VO04K1DvngkaN8RK94fJq/3UkMwRaUtdau7UL5Je:skznO8M94Y3UqRag/7Ue

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1640	m1.exe

Loads dropped DLL 2 IoCs

pid	Process
2420	0d68c99631ae9fe9a00d976337965fcc_JaffaCakes118.exe
2420	0d68c99631ae9fe9a00d976337965fcc_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1640	2420	0d68c99631ae9fe9a00d976337965fcc_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1640	2420	0d68c99631ae9fe9a00d976337965fcc_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1640	2420	0d68c99631ae9fe9a00d976337965fcc_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1640	2420	0d68c99631ae9fe9a00d976337965fcc_JaffaCakes118.exe	28

\Users\Admin\AppData\Local\Temp\m1.exe

Filesize
360KB

MD5
e8db125ba37be0ab53835b55243e9cf8

SHA1
405435e98c6d66d96bb4106fba9274730b053050

SHA256
301b47cdbc49dd3dbd4c6539e4cd1e732ceb2b57b495bf37c1cdd3d85f657cb2

SHA512
49a78beb26a9e86b351de02d4a90c4961c054583e7481b182a1f212e181d4ca9289c1ce7e5466816f59a92f0d9f208bea77c484d0be539bee9b0e57500544c53

Download Submit
memory/2420-13-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download