27c99460ad064b2e1a29a9cd36ecc4248eed4135c9bfd82c7e291c1f4e70f189

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 03:44

Target

481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe
Size

327KB
MD5

481408c4867a7f1de4f6d94ea2f93a4a
SHA1

3d397a311c129584510fa0cc860387a958cca99c
SHA256

27c99460ad064b2e1a29a9cd36ecc4248eed4135c9bfd82c7e291c1f4e70f189
SHA512

656861add7e61250618a17737a71986f785e8a803d5d2cda062a673b711c73c5984cb73a6db026c22dc0dc4b51c23d33129c94552d557a1cac4ef25a6feadfa4
SSDEEP

6144:1HSPog8gW5zJ+W1PQGXDjIzME28wfbThH3LLsih0X5zTPaNncw1PhHM2eC:1Hcf7W5j1tjIIvVfb53LYjFTPaNcGHMe

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2424 set thread context of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88
PID 2424 wrote to memory of 3828	2424	481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118.exe"
  2⤵
  PID:3828

memory/2424-0-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2424-4-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3828-1-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3828-5-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3828-6-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3828-7-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download