a200d40618701c178c659eda7e927393e81adcdfb2a7885106304931d0f3ef82

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 15:04

Target

0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe
Size

28KB
MD5

0e827c72f9fb91df44791f5a85fc4bcc
SHA1

6b408a8c325ba29786c65d4fefb3826c6d6632dc
SHA256

a200d40618701c178c659eda7e927393e81adcdfb2a7885106304931d0f3ef82
SHA512

89c481d0d6667ea9c0fe47b93e7e55c4f217d9af8547e6a7e01a684016da7616c731855024261ac573093064acd861aabf6e899455b738a5bcce1923cfb4c4cf
SSDEEP

384:RtX6LyfmcqrsubcFw9Jxb8ADxke4+cppflr:RtsJcqPbcFw9Pb8ADOe4+cppflr

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2192	0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe
2192	0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2292	2192	0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe	28
PID 2192 wrote to memory of 2292	2192	0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe	28
PID 2192 wrote to memory of 2292	2192	0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe	28
PID 2192 wrote to memory of 2292	2192	0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e827c72f9fb91df44791f5a85fc4bcc_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c sgames.exe /VERYSILENT
  2⤵
  PID:2292