dab5d49baf62b43b7f95df3f0e0070a42975f0239fc3e2e2da161b00540927c6

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 10:37

Target

283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
Size

327KB
MD5

283f49e1e7af1107ce1fdb3e62815026
SHA1

530230d0caede75419be075691a37b3295a6b9ae
SHA256

dab5d49baf62b43b7f95df3f0e0070a42975f0239fc3e2e2da161b00540927c6
SHA512

7558ae9bc436d8775c7610d96670eb6854771b51a120d5d472ba2bc5daeb4cba2361c50ae3c674e3e51dbeea3c1d1678dfb69a879c103b97dce6aa24e8926e31
SSDEEP

6144:AdHFCf9vsBqU8cCK6Taz6u/eHu+QqKTSs6Nj81YFrec:QFTBqU806OzMdaSsKFT

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1380 set thread context of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85
PID 1380 wrote to memory of 2364	1380	283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe"
  2⤵
  PID:2364

memory/1380-0-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/1380-3-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2364-1-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2364-4-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2364-5-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2364-6-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download