bc1d860a64c6f3bc7e83165559c4a8f1c5a387f1281411b1acb7611ba6832fd6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 08:27

Target

1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe
Size

56KB
MD5

1a99a6554703e1a2ef985ba1988fbaba
SHA1

2c668e9032df3076c50d741b9148d73a9ab41ad6
SHA256

bc1d860a64c6f3bc7e83165559c4a8f1c5a387f1281411b1acb7611ba6832fd6
SHA512

a7283bc439f0000e33d1decd305d53414cca0f83f7647ad39ae7d9ac5d644d9e87bc8f7251924defb4aa9a3bfeecf34e987cc8fc4c28b43fbd70a513848c0423
SSDEEP

768:EYuc5y57q8uO4bPtdN6r9iXW9ofVj3+NTgxDhtoUWIf+GfLK+osmaZn:EYMG04bFjm9oF3+Nq7oUW2+Mms

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i2ytii1tto.exe	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i2ytii1tto.exe	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2168 set thread context of 2724	2168	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2724	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2724	2168	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	28
PID 2168 wrote to memory of 2724	2168	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	28
PID 2168 wrote to memory of 2724	2168	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	28
PID 2168 wrote to memory of 2724	2168	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	28
PID 2168 wrote to memory of 2724	2168	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	28
PID 2168 wrote to memory of 2724	2168	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	28
PID 2724 wrote to memory of 1172	2724	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	21
PID 2724 wrote to memory of 1172	2724	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	21
PID 2724 wrote to memory of 1172	2724	1a99a6554703e1a2ef985ba1988fbaba_JaffaCakes118.exe	21

memory/1172-12-0x0000000002200000-0x0000000002203000-memory.dmp

Filesize
12KB

Download
memory/1172-11-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/1172-13-0x0000000002210000-0x0000000002212000-memory.dmp

Filesize
8KB

Download
memory/2168-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2168-2-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2168-3-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2168-1-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2168-7-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2724-4-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2724-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2724-14-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download