0c7059fa94ab827409a353a6cc3d99760180301ed3825db294d1ba4056511417

Analysis

max time kernel
131s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 01:29

Target

10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe
Size

355KB
MD5

10420570f14c8e35d65c1c38a6f28911
SHA1

057a23802755d8639d54205481c66c00d2de42ab
SHA256

0c7059fa94ab827409a353a6cc3d99760180301ed3825db294d1ba4056511417
SHA512

918e8e2d46f95432238c1784da93a1cf3518395996b170ce7f9f800e5a70ba3e7871444cf2616f8663d41833df26085c8de45301ed9613a66f247e20ee2a7dba
SSDEEP

6144:+dLsNgDgpI+xN7aAXgLRitBlbfOiZmc8W/tPwT7x0:+djDgWGahLRitBl3X8ot4i

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 844 set thread context of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85
PID 844 wrote to memory of 3572	844	10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:844
- C:\Users\Admin\AppData\Local\Temp\10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\10420570f14c8e35d65c1c38a6f28911_JaffaCakes118.exe"
  2⤵
  PID:3572

memory/844-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/844-3-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3572-1-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3572-5-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3572-8-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3572-6-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download