840b72645584d9a650cce4e10cc64c0f95579a42c74e1b6353c9aa07e73f5d33

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 10:46

Target

3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe
Size

92KB
MD5

3d0f17aee984930a000e3163a05fff59
SHA1

07f8733f55858713f020c544da1164e96ef4d807
SHA256

840b72645584d9a650cce4e10cc64c0f95579a42c74e1b6353c9aa07e73f5d33
SHA512

000fed1a5da2dee6cc34c71687b5e5a5ccbe9f7053a47615bf3d8155e876dd565334b790f532f0cce881c23bad100c4e2fc00b81f63b2afb99b46e66bba7ba21
SSDEEP

1536:R+512dd6ye0FoT4B8aGAYgYZOdtKWSti6+ZAIlN3AmJRZPov7XRcg69ERjF:R+512ddle0esSaKWS4lpsXRc0jF

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2408 set thread context of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
876	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe
876	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 2408 wrote to memory of 876	2408	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	28
PID 876 wrote to memory of 1204	876	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	21
PID 876 wrote to memory of 1204	876	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	21
PID 876 wrote to memory of 1204	876	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	21
PID 876 wrote to memory of 1204	876	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	21

memory/876-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-18-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/876-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-22-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1204-19-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1204-23-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2408-17-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download
memory/2408-16-0x0000000000400000-0x0000000000409001-memory.dmp

Filesize
36KB

Download
memory/2408-0-0x0000000000400000-0x0000000000409001-memory.dmp

Filesize
36KB

Download