35e36a95b4701b9a881a5d0339cc50a0f7bb0faa1c3db86f67b04a0a344f0c54

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 11:24

Target

459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe
Size

635KB
MD5

459a1f59ff00895cd9a6a7ad1f58e710
SHA1

65c614e12bc5bd2d6994118867fe64c62f76cd22
SHA256

35e36a95b4701b9a881a5d0339cc50a0f7bb0faa1c3db86f67b04a0a344f0c54
SHA512

15f1e00e5dd2ccc9608df31a78d532eff15b9214971f6c88486f8bf6fbc1289aef8877c2132cd3b326c4f13f0e2c821422e23784185aaca00f0f16a0fd56637a
SSDEEP

12288:BHnHA3xl3nNTR/nsy53/zGMJtvlZA/vE/x2qbRkI:BHHin9R/s+37BVIK

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1972 set thread context of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29
PID 1972 wrote to memory of 1168	1972	459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\459a1f59ff00895cd9a6a7ad1f58e710_JaffaCakes118.exe
  2⤵
  PID:1168

memory/1168-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1168-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1168-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1168-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1168-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1168-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1168-11-0x0000000000230000-0x0000000000243000-memory.dmp

Filesize
76KB

Download
memory/1972-0-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1972-9-0x0000000010000000-0x0000000010097000-memory.dmp

Filesize
604KB

Download