6b1278ad59559f1fcd66ebf5b37de3615a5957004dc946c9c9839d3a8ed282f1

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 16:55

Target

313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe
Size

262KB
MD5

313655c96ae0678fd8a43882d6a50995
SHA1

5a85832a65480e73974c28f9b76af50c5b8493cb
SHA256

6b1278ad59559f1fcd66ebf5b37de3615a5957004dc946c9c9839d3a8ed282f1
SHA512

c82bfffd32ed768bc1aeb3b895a1a7205fd1257bd4f29683b14e6e9836ade383c044ae6e0563fd0103c642d2765628b53b46a1817f8ce2febe76bf61cfe31763
SSDEEP

6144:/KQ7slWUG9PB5DyapPTcGfhv+C+e+GNLBRjAu3Pc769/c:/Zdv1vGlqv7+0N1RjAAPc769k

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1940 set thread context of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30
PID 1940 wrote to memory of 752	1940	313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\313655c96ae0678fd8a43882d6a50995_JaffaCakes118.exe
  2⤵
  PID:752

memory/752-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/752-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/752-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/752-6-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/752-10-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1940-5-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download