00b1e0e5d91c5257c8a210fab42fe772a8d7bbef93b077570136622a8eb331d2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 00:46

Target

32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe
Size

74KB
MD5

32a8b011f40c0c6931132eae15370495
SHA1

91bc0962ad14cb2037c4e97767411cb53f1be53b
SHA256

00b1e0e5d91c5257c8a210fab42fe772a8d7bbef93b077570136622a8eb331d2
SHA512

8c43ec7c4eea53a50f3e73a63399f94fbcf2c3a629b09dec4ef6880cd2af81751e0b2f1d8da27e99f13aeb60d97625838057c2fb858f9f2d2b2d235673942f16
SSDEEP

768:DxlgpT82dk6YgMk+RD9oJct2lWsHnq6C6qOgUbmD33nDzNYj3exiz6:D4p66TO2w6BH/HqOXI33fSLmie

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3004 set thread context of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 set thread context of 2372	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	31

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2148	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2372	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	31
PID 3004 wrote to memory of 2372	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	31
PID 3004 wrote to memory of 2372	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	31
PID 3004 wrote to memory of 2372	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	31
PID 3004 wrote to memory of 2372	3004	32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Users\Admin\AppData\Local\Temp\32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe
  2⤵
  PID:2148
- C:\Users\Admin\AppData\Local\Temp\32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\32a8b011f40c0c6931132eae15370495_JaffaCakes118.exe
  2⤵
  PID:2372

memory/2148-15-0x0000000000400000-0x0000000000401E00-memory.dmp

Filesize
7KB

Download
memory/2148-6-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2148-4-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2148-2-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2148-10-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2148-13-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2372-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download