b5757034246f397d8289ec0504d1f969d00ff0bf6c9e4a25631fd32ddde2c510

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 09:35

Target

25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe
Size

336KB
MD5

25772f336b601779dfc9ad62fbd50bde
SHA1

481c4a5396e9feac1fa7c44fcc8f9b42c7a1d172
SHA256

b5757034246f397d8289ec0504d1f969d00ff0bf6c9e4a25631fd32ddde2c510
SHA512

40a79bb1e2c2918f07fa6a15bf0b456704863e00b263e66759f5f74b4644846ec4209025414e7873eab92ba3a6cd181eacb32e2b78c6601463b69b4e5504a494
SSDEEP

6144:cJGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG/GGGGGbGGGGGqGGTGGj:Zc269z

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1208 set thread context of 2016	1208	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe
2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2016	1208	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	28
PID 1208 wrote to memory of 2016	1208	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	28
PID 1208 wrote to memory of 2016	1208	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	28
PID 1208 wrote to memory of 2016	1208	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	28
PID 1208 wrote to memory of 2016	1208	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	28
PID 1208 wrote to memory of 2016	1208	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	28
PID 2016 wrote to memory of 1232	2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	21
PID 2016 wrote to memory of 1232	2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	21
PID 2016 wrote to memory of 1232	2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	21
PID 2016 wrote to memory of 1232	2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	21
PID 2016 wrote to memory of 1232	2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	21
PID 2016 wrote to memory of 1232	2016	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	21

memory/1208-0-0x0000000019140000-0x00000000191996B0-memory.dmp

Filesize
357KB

Download
memory/1208-1-0x00000000002E0000-0x000000000033A000-memory.dmp

Filesize
360KB

Download
memory/1208-10-0x0000000019140000-0x00000000191996B0-memory.dmp

Filesize
357KB

Download
memory/1232-11-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1232-19-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2016-15-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2016-14-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2016-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2016-6-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2016-4-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2016-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download