a3237e4b0d8b2b4e70f3f4b427f2ad5cd8a77ef046263da6f4043e6d256f7e51

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 17:36

Target

2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe
Size

24KB
MD5

2905e9ea4985337b32e74bd576e16301
SHA1

aa25f123c527bcb9719709b133703e147dca595f
SHA256

a3237e4b0d8b2b4e70f3f4b427f2ad5cd8a77ef046263da6f4043e6d256f7e51
SHA512

3d20c82664ad9e0b85faf4b672e65a1252d96e00aff32986b48d836a378daba3e40df345e59cca4b1285e3dad4b21b8693fb68d760a174933e50cab3cc36e7f2
SSDEEP

768:EwPKcRrMxG3AcZDg4cTdsXRyBdDBWSOep7:EwjRIEXe4mhDBWHs7

Score

5^/10

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\skbskg.dll	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\userinit.exe	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mjenpp.dll	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 344 set thread context of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28
PID 344 wrote to memory of 2348	344	2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2905e9ea4985337b32e74bd576e16301_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:344
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe
  2⤵
  PID:2348

memory/344-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/344-1-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/344-19-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2348-12-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2348-16-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2348-15-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2348-11-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2348-8-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download