1fa560b63c6bdded188f8bfe9cadf903836456e0fb744adfc385669d78769738

Analysis

max time kernel
140s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 22:43

Target

61b5e137be98336d77e02af2cae9f031_JaffaCakes118.exe
Size

139KB
MD5

61b5e137be98336d77e02af2cae9f031
SHA1

4ec22dbf36546ed842f10900ae1aa2a11b57f995
SHA256

1fa560b63c6bdded188f8bfe9cadf903836456e0fb744adfc385669d78769738
SHA512

2d9ae6d289a32989d4a794cb67feebe45fc5caa713ab4e30cce171ddea198a04113d5b29c8d6e516aa93cb74d5fd31df2b5c062c8ac5825004384963a74b4544
SSDEEP

3072:kCTCd857nhEcMiplVvauR3C9DthcAY7nudpd9H:MW57hEh0jrC9DAA9H

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1448	TibiaMC0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1448	TibiaMC0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 1448	4804	61b5e137be98336d77e02af2cae9f031_JaffaCakes118.exe	84
PID 4804 wrote to memory of 1448	4804	61b5e137be98336d77e02af2cae9f031_JaffaCakes118.exe	84
PID 4804 wrote to memory of 1448	4804	61b5e137be98336d77e02af2cae9f031_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\61b5e137be98336d77e02af2cae9f031_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\61b5e137be98336d77e02af2cae9f031_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Users\Admin\AppData\Local\Temp\TibiaMC0.exe
  "C:\Users\Admin\AppData\Local\Temp\TibiaMC0.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1448

C:\Users\Admin\AppData\Local\Temp\TibiaMC0.exe

Filesize
24KB

MD5
a178212d61eefce23983602e5904d3ac

SHA1
621521a4c838946c239ab51fc5d0b55d5691e506

SHA256
678e73d16eca9695e947d29687e3fa0d7c5e953d6d7381993bfa1fd0a93be23b

SHA512
2126efc692dc588540803f8dc300c8a173b8b68969a24081fd9a86328428034c340bb650ba63f7ce3ba8393d9ee3ff28e6aec9d71868e8e32d71060b8518168a

Download Submit