f7dd1425c5e06cf94fe66f1cc08ce2f460ca9aa491f93c934c527ca209a43b8a

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 23:02

Target

61c3ca6e2832866de29077953ee3862e_JaffaCakes118.exe
Size

94KB
MD5

61c3ca6e2832866de29077953ee3862e
SHA1

0052d26971c6d236b20ec4d9c76c44f8ffe7160d
SHA256

f7dd1425c5e06cf94fe66f1cc08ce2f460ca9aa491f93c934c527ca209a43b8a
SHA512

6aaa14729307be9ab2731ca90c53a0513928820b8d6ae5a5ad601fc443cc7772cd3cdc80571393352e32a1aafd5f2efb7e9df714ff3ab8fc7df9e2a107340816
SSDEEP

1536:1fF9FMU1gq3pzjl3Xh96ssjoxqM+zXSsNrPV70vxdskhW8tOy0L913NuSkLZlWn:1mMgcBB9DsExLuJT92/hWXvL9RaZlWn

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1952	m1.exe

Loads dropped DLL 2 IoCs

pid	Process
1460	61c3ca6e2832866de29077953ee3862e_JaffaCakes118.exe
1460	61c3ca6e2832866de29077953ee3862e_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1952	1460	61c3ca6e2832866de29077953ee3862e_JaffaCakes118.exe	30
PID 1460 wrote to memory of 1952	1460	61c3ca6e2832866de29077953ee3862e_JaffaCakes118.exe	30
PID 1460 wrote to memory of 1952	1460	61c3ca6e2832866de29077953ee3862e_JaffaCakes118.exe	30
PID 1460 wrote to memory of 1952	1460	61c3ca6e2832866de29077953ee3862e_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\m1.exe

Filesize
404KB

MD5
3ae6f5cfd41f9f452c22f870b730ac08

SHA1
cf76062b512f5b20b2a8627e7893bb11ec16dc57

SHA256
d965be195ac4a686d4de3731c1039d20cacf6d4f4c40d65a56785b4875fa97c4

SHA512
99b1e035263e0317879f2d7ac7caeec587697b98cd2874dc0759b399e9221f6fee3ba8d204b3d345fde874ec4e077ba28a9eae5a6073522f5c288809ba94845c

Download Submit
memory/1460-13-0x0000000000400000-0x00000000004DE000-memory.dmp

Filesize
888KB

Download