576395f90746943338db3b71726710a56de577d24e7f661fb8d10e6f5b5d05a2

Analysis

max time kernel
97s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 08:34

Target

451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
Size

100KB
MD5

451026a946dd4e417f3dd4d58d40c2ef
SHA1

9eea667ae9ccc93eef975f683f1aff63d9301685
SHA256

576395f90746943338db3b71726710a56de577d24e7f661fb8d10e6f5b5d05a2
SHA512

5393baa0784a491f0ee96cfe6a2132e1ed067b7c992858399841f56e010e9ce64243fdada7567b8fc4f91b12e7e32fd04e36d15e39344b4849cb4727583e01d0
SSDEEP

1536:EpDojcIKjZ4ZbPdfzlNfYIzunrtgDTQU7B6CD6XyC78wpWd:wDRfGlF7zuxgDBBTjCQw

Score

5^/10

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\skbskg.dll	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\userinit.exe	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mjenpp.dll	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2424 set thread context of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1744	1112	WerFault.exe	83

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe
2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83
PID 2424 wrote to memory of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83
PID 2424 wrote to memory of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83
PID 2424 wrote to memory of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83
PID 2424 wrote to memory of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83
PID 2424 wrote to memory of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83
PID 2424 wrote to memory of 1112	2424	451026a946dd4e417f3dd4d58d40c2ef_JaffaCakes118.exe	83

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1112 -ip 1112
1⤵
PID:912

memory/1112-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2424-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2424-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download