1bf398cb9c76f77c4c7d811e2f8fafb56894f62ed4066de29aaa7d6a3db408f1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 02:38

Target

20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe
Size

55KB
MD5

20cc8747f8e2bed057d26d317165ef9f
SHA1

d472ce761bf78843395f821b444109d29ca231d7
SHA256

1bf398cb9c76f77c4c7d811e2f8fafb56894f62ed4066de29aaa7d6a3db408f1
SHA512

2a5557e111436998c321ff3c8a005c7e77e0bacf6d975cd2b4451364800e62813164bdb7e80d602076e7d4f753fdc484aaf0760464244017589de8ac683dbaf0
SSDEEP

768:gHlSRcEMPG+ysITGx9Xqb8JY2p4sMh627s9/hRuiFwDhhsKHHs:g2XSyrTSXqQJYvsP27eZRuishs4s

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2360 set thread context of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28
PID 2360 wrote to memory of 2620	2360	20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\20cc8747f8e2bed057d26d317165ef9f_JaffaCakes118.exe
  2⤵
  PID:2620

memory/2620-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2620-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2620-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2620-11-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2620-9-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2620-7-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2620-13-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2620-12-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2620-16-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download