41165546d12809d10755056129dde5c28a7c3347ef594c72e9da6ae0d78c6b7c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 16:24

Target

5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe
Size

76KB
MD5

5cb79d5e548ed99ab67fe4ce8f657385
SHA1

526890c5275b1b2f027b39f92167ab3f31593b6a
SHA256

41165546d12809d10755056129dde5c28a7c3347ef594c72e9da6ae0d78c6b7c
SHA512

9c1e8906cab6e25feb26e5223a758c8047c7fc1187f3ac63169f91afe7487144acbc1404f059e40ccb10c5a75d83567c996fdb4ede116facaeb88164d3689996
SSDEEP

1536:OTJlUVoQ7wlxADRk32NykvD+unqSRyAjAG8swOIbqoMGadiVFLKKC:OTJlUVoQ7wlxADRk3uvDnnqSRyAjOswm

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2276 set thread context of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2980	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe
2980	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2980	2276	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	31
PID 2980 wrote to memory of 1188	2980	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1188	2980	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1188	2980	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1188	2980	5cb79d5e548ed99ab67fe4ce8f657385_JaffaCakes118.exe	21

memory/1188-14-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1188-17-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2980-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2980-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2980-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2980-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2980-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2980-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2980-13-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download