0f38f3e076a9431243ec072ab5f360620bf1a817e490222b49d39d46a6737f15

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 23:00

Target

605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe
Size

91KB
MD5

605377a80ef3b5ec88ab4687e1878735
SHA1

16301f2d564e4225f83d6ab458a0c47df8718e67
SHA256

0f38f3e076a9431243ec072ab5f360620bf1a817e490222b49d39d46a6737f15
SHA512

76a9e4b5f4ad2062bdda5c54ed66792cd9d9e7015ec1b174d10b44f79c80e17c914fc4a4caf184105ed8b1788126324a44fdac009f9930157f50bfac9f141bc5
SSDEEP

1536:ZiDLG7z8p+SZjBHdEhIxBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1J+B0b:ZifEzyPHdEaaQ5g2Ow2Y/bmF65NCNeoS

Score

7^/10

Unexpected DNS network traffic destination 5 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2216 set thread context of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3480	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe
3480	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84
PID 2216 wrote to memory of 3480	2216	605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\605377a80ef3b5ec88ab4687e1878735_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480

memory/3480-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3480-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3480-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download