57302736a8fb945cfd7dd1f99f2e7f1c7ddab14508be873b0f49b128abeb489a

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 00:59

Target

371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe
Size

35KB
MD5

371bc8a7ffe84af5edb5343b884229ef
SHA1

44714ba546740f8b5e0d9cc05e4f579d2c4425a8
SHA256

57302736a8fb945cfd7dd1f99f2e7f1c7ddab14508be873b0f49b128abeb489a
SHA512

37eeeb8ab6d099f1d22ac060ab5984e8c11bd1a8e28251ce74d3b8de1790ef7c4eea40ccfdd783093634b4eb06fe8ae983ab26b8ac5aefd2675170947d0197ce
SSDEEP

768:uHPlIqSEnEqb9ST8ZnD2HgKNCEwYAQhIdI2N2kJBGBiWuFuTY:udIqnnEyNnD2SESQidI2BGBB8

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 516 set thread context of 5048	516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe	82

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1780	5048	WerFault.exe	82

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe
516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe
516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe
516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 5048	516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe	82
PID 516 wrote to memory of 5048	516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe	82
PID 516 wrote to memory of 5048	516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe	82
PID 516 wrote to memory of 5048	516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe	82
PID 516 wrote to memory of 5048	516	371bc8a7ffe84af5edb5343b884229ef_JaffaCakes118.exe	82

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5048 -ip 5048
1⤵
PID:2464

memory/5048-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download