47991c47c012a7a8b4b11f91eb215f93c749143cb5539b910c67d99d6a819a4c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 20:12

Target

0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe
Size

111KB
MD5

0f5f35fb4507e472b51a610583fbd24b
SHA1

c1604edcd76301de2d59fbe333deee425a4d03ae
SHA256

47991c47c012a7a8b4b11f91eb215f93c749143cb5539b910c67d99d6a819a4c
SHA512

b1eee9e5d38fbb7ab0187df8a2b841020677db994c4538d95bea1b07a93011a64bc7e62604ad969dc729fdd0f8ef86f39bbc8edb43b9cc4133652212c0206d45
SSDEEP

1536:Ietn3iuxHeXQvUJSWTl85Hlx1b/cz2PkMgrDGqYUOlEXgluPRhDy4YTSXqQJYvs7:s37TlsCWRgfGyECglAJqQYse7eiiis5

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2032 set thread context of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2200	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe
2200	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2032 wrote to memory of 2200	2032	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	28
PID 2200 wrote to memory of 1184	2200	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	21
PID 2200 wrote to memory of 1184	2200	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	21
PID 2200 wrote to memory of 1184	2200	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	21
PID 2200 wrote to memory of 1184	2200	0f5f35fb4507e472b51a610583fbd24b_JaffaCakes118.exe	21

memory/1184-18-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1184-21-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2032-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2032-15-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2200-11-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2200-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2200-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2200-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2200-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2200-17-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2200-16-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2200-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download