1e8c33e32beb2704891f82e9b3a40c69d91ae513cef78eb53f6c862cc37d2160

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 06:21

Target

3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe
Size

292KB
MD5

3c4947917f5fbba01e7fd70bc7c959dc
SHA1

c464b9289d072f6d283c4f1c33858c3262936ed6
SHA256

1e8c33e32beb2704891f82e9b3a40c69d91ae513cef78eb53f6c862cc37d2160
SHA512

61d9e588d0fa8f17eeac4864b3cdddbb4bad62648be7ed0af470c1905012dcd4da8cbb3e5f1618fcba7e2c91246296006ef93f64fe265531eb1bb659fdd0799a
SSDEEP

3072:CqBYp175d+mPMVjh/hoIDL1Ng5Icm6sPIOLVwKoujk1uHP/lWqvEGSF3+CvSFyAb:RBa17iVvwZDsig7HSgyAGI1a2TKs

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2528 set thread context of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29
PID 2528 wrote to memory of 2552	2528	3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\3c4947917f5fbba01e7fd70bc7c959dc_JaffaCakes118.exe"
  2⤵
  PID:2552

memory/2552-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-4-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-10-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-12-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-13-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-8-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-2-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-6-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2552-16-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download