b5757034246f397d8289ec0504d1f969d00ff0bf6c9e4a25631fd32ddde2c510

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 09:35

Target

25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe
Size

336KB
MD5

25772f336b601779dfc9ad62fbd50bde
SHA1

481c4a5396e9feac1fa7c44fcc8f9b42c7a1d172
SHA256

b5757034246f397d8289ec0504d1f969d00ff0bf6c9e4a25631fd32ddde2c510
SHA512

40a79bb1e2c2918f07fa6a15bf0b456704863e00b263e66759f5f74b4644846ec4209025414e7873eab92ba3a6cd181eacb32e2b78c6601463b69b4e5504a494
SSDEEP

6144:cJGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG/GGGGGbGGGGGqGGTGGj:Zc269z

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2436 set thread context of 2508	2436	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	82

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe
2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe
2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe
2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2508	2436	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	82
PID 2436 wrote to memory of 2508	2436	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	82
PID 2436 wrote to memory of 2508	2436	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	82
PID 2436 wrote to memory of 2508	2436	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	82
PID 2436 wrote to memory of 2508	2436	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	82
PID 2508 wrote to memory of 3404	2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	56
PID 2508 wrote to memory of 3404	2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	56
PID 2508 wrote to memory of 3404	2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	56
PID 2508 wrote to memory of 3404	2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	56
PID 2508 wrote to memory of 3404	2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	56
PID 2508 wrote to memory of 3404	2508	25772f336b601779dfc9ad62fbd50bde_JaffaCakes118.exe	56

memory/2436-0-0x0000000019140000-0x00000000191996B0-memory.dmp

Filesize
357KB

Download
memory/2436-9-0x0000000019140000-0x00000000191996B0-memory.dmp

Filesize
357KB

Download
memory/2508-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2508-7-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2508-6-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2508-5-0x0000000019140000-0x00000000191996B0-memory.dmp

Filesize
357KB

Download
memory/2508-3-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3404-4-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/3404-11-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download