b1f65e9c4d41398391e086c3dde7a211cd1823a94e4771e0fcecde54373e2b8b

Analysis

max time kernel
141s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 11:10

Target

5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe
Size

304KB
MD5

5bb038bfbecbce82f43265cfe2719874
SHA1

18c3111b6f52c66169f3450f30667d62f38fec18
SHA256

b1f65e9c4d41398391e086c3dde7a211cd1823a94e4771e0fcecde54373e2b8b
SHA512

ee080f87e0095dbcce4da9317e44d3089e3616b49282a033712de50fc77cf6159ef1f211fb68dcfbbc794e5982faf32e2f62cb91b0922c0fc96fbd4c3e9c7602
SSDEEP

6144:AHjCJGeB6DAPS5PiqBEW2GDqXnL47AdlizG8w:ADCD6PDBEzqyL4wnd

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4264 set thread context of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 3784 set thread context of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe
3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 4264 wrote to memory of 3784	4264	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	86
PID 3784 wrote to memory of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88
PID 3784 wrote to memory of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88
PID 3784 wrote to memory of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88
PID 3784 wrote to memory of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88
PID 3784 wrote to memory of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88
PID 3784 wrote to memory of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88
PID 3784 wrote to memory of 2412	3784	5bb038bfbecbce82f43265cfe2719874_JaffaCakes118.exe	88

memory/2412-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2412-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2412-11-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2412-12-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3784-3-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3784-5-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3784-16-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4264-0-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/4264-14-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download