bd0de3a134120256b8850c1f17c47d08734c8f120b61eec5f21e417b16a59766

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 23:26

Target

2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe
Size

272KB
MD5

2e3598a16e81a4ba933205ef6f82e959
SHA1

774530b82cdb722e0f764b2cd6c1af0dc5345a38
SHA256

bd0de3a134120256b8850c1f17c47d08734c8f120b61eec5f21e417b16a59766
SHA512

d63069188b192ae0ec386ac38d7d7136c948d63f6554134b925e0ed12a788f826fd5adec30ee89c2532684e03fb904de09fdb6253b73224eee57a7e5bd18bfe6
SSDEEP

1536:L9MJ249icel/Z01/NBX4UDpegM3zwACUJGLq42GrElP2T/1oHd5RVJ6wmo7ucR9V:eX0e1FB/DpKjCLHAmoR1BbyRDSD

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2300 set thread context of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2492	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe
2492	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2492	2300	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	29
PID 2492 wrote to memory of 1388	2492	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	20
PID 2492 wrote to memory of 1388	2492	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	20
PID 2492 wrote to memory of 1388	2492	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	20
PID 2492 wrote to memory of 1388	2492	2e3598a16e81a4ba933205ef6f82e959_JaffaCakes118.exe	20

memory/1388-9-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1388-12-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2300-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2300-6-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2492-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2492-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2492-8-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2492-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download