561809229b17dc6fe7a2c2ccbea1f08f02d6ed3ff03548260f9aaa4643201634

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 18:15

Target

42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe
Size

63KB
MD5

42cc52a6a1889a056acc84980677a37e
SHA1

971c947de3aeb06c2788ee282cc34c91c6f95082
SHA256

561809229b17dc6fe7a2c2ccbea1f08f02d6ed3ff03548260f9aaa4643201634
SHA512

e31eed2d41f20f9c4d3664be3dfde179311d1a166d5c7839d1748829e26690bb6a152f875d6f0bc5ebf3dd6afc9567153396c3b750e56727ca3a0a69b4bd583f
SSDEEP

1536:5dDli9bGnO8lCqarm2euXqdddddddddddddddddddddddddddddddddddddddddQ:5Zg9bGO8lTvQXNRxm4Vh

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttoojyytj.exe	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ttoojyytj.exe	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2736 set thread context of 2848	2736	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	30

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2848	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2848	2736	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2848	2736	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2848	2736	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2848	2736	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2848	2736	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2848	2736	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	30
PID 2848 wrote to memory of 1200	2848	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	21
PID 2848 wrote to memory of 1200	2848	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	21
PID 2848 wrote to memory of 1200	2848	42cc52a6a1889a056acc84980677a37e_JaffaCakes118.exe	21

memory/1200-14-0x0000000002DF0000-0x0000000002DF3000-memory.dmp

Filesize
12KB

Download
memory/1200-15-0x0000000002E00000-0x0000000002E02000-memory.dmp

Filesize
8KB

Download
memory/1200-13-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/2736-4-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2736-3-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2736-5-0x0000000000500000-0x0000000000522000-memory.dmp

Filesize
136KB

Download
memory/2736-9-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2736-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2736-2-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2736-1-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/2848-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2848-10-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2848-16-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download