6fba204a28853c22d66e7222461335b811f54ec4a5d5886d07f6f85a3c7a7eb6

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 23:10

Target

3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe
Size

46KB
MD5

3b15c3f2ed9800df9429bcd4a4afc08a
SHA1

a910ed6fc094ac978fb07c80ac9e933c982867b7
SHA256

6fba204a28853c22d66e7222461335b811f54ec4a5d5886d07f6f85a3c7a7eb6
SHA512

ef92ab838d23c154345265fa77b6e238ffda5c5f718130f894b32a0fbd6889d2b353e9081ca3e7211dcbae96aac9678730046e8dfeaae6f2bd235fbd7857f985
SSDEEP

768:oOUx1Fwmf8BpiJlF3luKS5A6GFJGp7Oy9/cHdp/eISIh5c8vZ6dmfIGH7DY1wdGY:oOUxTwTBUZlqaJ2iHddeI3h5c8h6dwIG

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1972 set thread context of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29
PID 1972 wrote to memory of 3056	1972	3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\3b15c3f2ed9800df9429bcd4a4afc08a_JaffaCakes118.exe
  2⤵
  PID:3056

memory/1972-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1972-12-0x0000000000240000-0x0000000000268000-memory.dmp

Filesize
160KB

Download
memory/1972-15-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3056-11-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-13-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/3056-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3056-17-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-18-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-20-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download