19c1cd6ebf273bb6f4ca994d3263762806ad76201aef6838a0bf1200b893ef80

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 10:08

Target

3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe
Size

32KB
MD5

3449343db8c834eb6187aae83a6fa691
SHA1

4841a99004f2f0ce0268c0fa90c41de2d535828b
SHA256

19c1cd6ebf273bb6f4ca994d3263762806ad76201aef6838a0bf1200b893ef80
SHA512

072fb79bf5c7d2b087489744604bb11a8155a3bd06e37daac214c6c4d11f2e100ba84bd57fdf454eb6a3f08951c9787925040656e41ee6334d0eede08c267299
SSDEEP

384:u2AtGeLPn0tLlQKw+tYy7v2/5hcMMT+LxgDdeElSUak/Iw3NCgvRV3:1GzLPn0txzwHSO/c7ydiYUakXcS

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2780 set thread context of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2808	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	30
PID 2780 wrote to memory of 2808	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	30
PID 2780 wrote to memory of 2808	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	30
PID 2780 wrote to memory of 2808	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	30
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2840	2780	3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c copy "C:\Users\Admin\AppData\Local\Temp\3449343db8c834eb6187aae83a6fa691_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\Temp\file.rst"
  2⤵
  PID:2808
- C:\Windows\SysWOW64\cmd.exe
  cmd
  2⤵
  PID:2840

C:\Users\Admin\AppData\Local\Temp\file.rst

Filesize
32KB

MD5
3449343db8c834eb6187aae83a6fa691

SHA1
4841a99004f2f0ce0268c0fa90c41de2d535828b

SHA256
19c1cd6ebf273bb6f4ca994d3263762806ad76201aef6838a0bf1200b893ef80

SHA512
072fb79bf5c7d2b087489744604bb11a8155a3bd06e37daac214c6c4d11f2e100ba84bd57fdf454eb6a3f08951c9787925040656e41ee6334d0eede08c267299

Download Submit
memory/2840-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2840-10-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2840-9-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2840-7-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2840-5-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download