8ceb0b36e3c8622861e5a652441249e34a03f1e532d1913f0c92634564212812

Analysis

max time kernel
102s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 17:49

Target

2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe
Size

99KB
MD5

2910986d9767fbbd405170ff6aa660b1
SHA1

78f53c86f5a53885ce8a189ec45fbd04a686593a
SHA256

8ceb0b36e3c8622861e5a652441249e34a03f1e532d1913f0c92634564212812
SHA512

9ed778fad363aad467257c9441df91ea6572e93f889ae797e0ff62e79ebba3da06c8dd93fbfff82cc5da8d80ffe9e00057d389fd16ee7f98cd9346fb271f4692
SSDEEP

1536:OOdFyasQh6BBq/AE6W+wskjOk8pzH9euzlUidKR4drzyk5CogZznkhfIO9Fea:9GdQhnAE6fwqzdeuzlUiBikAN5khdB

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3528	tmp.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3000 set thread context of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3708	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3000 wrote to memory of 3708	3000	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	83
PID 3708 wrote to memory of 3528	3708	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	85
PID 3708 wrote to memory of 3528	3708	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	85
PID 3708 wrote to memory of 3528	3708	2910986d9767fbbd405170ff6aa660b1_JaffaCakes118.exe	85
PID 3528 wrote to memory of 3592	3528	tmp.exe	56
PID 3528 wrote to memory of 3592	3528	tmp.exe	56
PID 3528 wrote to memory of 3592	3528	tmp.exe	56
PID 3528 wrote to memory of 3592	3528	tmp.exe	56

C:\Users\Admin\AppData\Local\Temp\tmp.exe

Filesize
31KB

MD5
deef4643e637eebfa8e77e5addd1fdef

SHA1
32baadb9ec5855cebbeb5f19df14457728c2a149

SHA256
c7f098bb6dc397b89ce9e548f96561397dc661a9d2727af62be06733cdec23c8

SHA512
04cafb5e42fd4a67dd1a64881196aeb345a5a76bc9ba6de03776f0a477896cd6d34c2458d7ba06e59c2b23c7da8ceeeaf9d425cc6fcf2b0ac6530dbe7f5f11d9

Download Submit
memory/3000-5-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3000-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3528-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3528-16-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3528-21-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3528-22-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3592-17-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3592-18-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/3708-6-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3708-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3708-3-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3708-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download