840b72645584d9a650cce4e10cc64c0f95579a42c74e1b6353c9aa07e73f5d33

Analysis

max time kernel
95s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 10:46

Target

3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe
Size

92KB
MD5

3d0f17aee984930a000e3163a05fff59
SHA1

07f8733f55858713f020c544da1164e96ef4d807
SHA256

840b72645584d9a650cce4e10cc64c0f95579a42c74e1b6353c9aa07e73f5d33
SHA512

000fed1a5da2dee6cc34c71687b5e5a5ccbe9f7053a47615bf3d8155e876dd565334b790f532f0cce881c23bad100c4e2fc00b81f63b2afb99b46e66bba7ba21
SSDEEP

1536:R+512dd6ye0FoT4B8aGAYgYZOdtKWSti6+ZAIlN3AmJRZPov7XRcg69ERjF:R+512ddle0esSaKWS4lpsXRc0jF

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3200 set thread context of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84
PID 3200 wrote to memory of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84
PID 3200 wrote to memory of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84
PID 3200 wrote to memory of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84
PID 3200 wrote to memory of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84
PID 3200 wrote to memory of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84
PID 3200 wrote to memory of 3380	3200	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	84
PID 3380 wrote to memory of 3456	3380	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	56
PID 3380 wrote to memory of 3456	3380	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	56
PID 3380 wrote to memory of 3456	3380	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	56
PID 3380 wrote to memory of 3456	3380	3d0f17aee984930a000e3163a05fff59_JaffaCakes118.exe	56

memory/3200-0-0x0000000000400000-0x0000000000409001-memory.dmp

Filesize
36KB

Download
memory/3200-9-0x0000000000400000-0x0000000000409001-memory.dmp

Filesize
36KB

Download
memory/3380-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3380-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3380-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3380-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3380-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3456-11-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3456-12-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download