b429c4609d35fe989bf7a9020a23fcd66ac8cbea705592fc5d1cfb68ebb8fd18

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:10

Target

36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe
Size

65KB
MD5

36656367ba3a0bb64a1e2c263741aaa8
SHA1

5ad39a7ebb4f29a0d8d6afa4cb8984ed4b1dad17
SHA256

b429c4609d35fe989bf7a9020a23fcd66ac8cbea705592fc5d1cfb68ebb8fd18
SHA512

5dd9196f661fe7e8d937976eee654f0cc6e9411bad9a6dd93ff59f88030f6da079321c155edb4e654819dd173876bf3df30600f9b25532e1a5cb61c40b8403f1
SSDEEP

1536:sgpdafvuHT6vfVznTUK/1qtRI8Y0DM2YQO2mISFWPMswK:WfVTUk1MIJ4YfIZ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe

description	pid	process	target process
PID 1316 set thread context of 620	1316	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe

description	pid	process	target process
PID 1316 wrote to memory of 620	1316	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe
PID 1316 wrote to memory of 620	1316	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe
PID 1316 wrote to memory of 620	1316	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe
PID 1316 wrote to memory of 620	1316	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe
PID 1316 wrote to memory of 620	1316	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe
PID 1316 wrote to memory of 620	1316	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe
PID 620 wrote to memory of 3508	620	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	Explorer.EXE
PID 620 wrote to memory of 3508	620	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	Explorer.EXE
PID 620 wrote to memory of 3508	620	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	Explorer.EXE
PID 620 wrote to memory of 3508	620	36656367ba3a0bb64a1e2c263741aaa8_JaffaCakes118.exe	Explorer.EXE

memory/620-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/620-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/620-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/620-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3508-6-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3508-7-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download