30034647bd8c68f6cb5ba0ee4d4b0f34b540ed46878d42100f97c91961f5fd72

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 06:35

Target

24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe
Size

169KB
MD5

24f67e8952594721bbb3b97ac6e4e3f5
SHA1

020894e966810ff55b74b2d7e8779a152bbd2705
SHA256

30034647bd8c68f6cb5ba0ee4d4b0f34b540ed46878d42100f97c91961f5fd72
SHA512

c16392cc1a406fd359468ef29834ab728565fa1a15a97a39962bbaf43c8ee25f679b759d20dd02b49c7126bfdc2deb62e9b569a7b4a264a2d39b0c5a42842a60
SSDEEP

3072:iKXR/zNqhJpCGXwxK3wgZci6BbJVyjZdyHdJWheQGyT6pVTIOk/qTELtVN1UJnrf:iKBRsJpP3XZci6B9VeZdyHCeQGHpyOoo

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2968 set thread context of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2024	2968	24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\24f67e8952594721bbb3b97ac6e4e3f5_JaffaCakes118.exe
  2⤵
  PID:2024

memory/2024-3-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-14-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-10-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2024-7-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-5-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-16-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2024-1-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-18-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-15-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-22-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-24-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2024-20-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2968-0-0x0000000000220000-0x0000000000240000-memory.dmp

Filesize
128KB

Download
memory/2968-13-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download