bebf742e76ee22911307b7b62ee878e64729a02cc2c153713f99d93e38220b0f

Analysis

max time kernel
143s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 01:02

Target

6229098b2812909eed88a3c1f426d99a_JaffaCakes118.exe
Size

197KB
MD5

6229098b2812909eed88a3c1f426d99a
SHA1

d406fef8187bc097abe75c2631b518d04c0e0d9c
SHA256

bebf742e76ee22911307b7b62ee878e64729a02cc2c153713f99d93e38220b0f
SHA512

239f401175d7840b166f55b525f327b1a3be25877c38722aea29d98e72f0430695971336a568455b5a1fb9d99b070ef0596d0fe1e19e5b2345bd68beb9fb3565
SSDEEP

3072:6WtlQOGYAwawSQxDXTRk09L67N0PwTXvWr2qbzPZYP7mHbMDMN0ED7n/NWkWQwsI:fOOnT9SwGwiTvdGUk5qEPjWRsI

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
3284	tasklist32.exe
4100	tasklist32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\tasklist32.exe	6229098b2812909eed88a3c1f426d99a_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\tasklist32.exe	6229098b2812909eed88a3c1f426d99a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 732 wrote to memory of 3284	732	6229098b2812909eed88a3c1f426d99a_JaffaCakes118.exe	84
PID 732 wrote to memory of 3284	732	6229098b2812909eed88a3c1f426d99a_JaffaCakes118.exe	84
PID 732 wrote to memory of 3284	732	6229098b2812909eed88a3c1f426d99a_JaffaCakes118.exe	84
PID 3284 wrote to memory of 4100	3284	tasklist32.exe	85
PID 3284 wrote to memory of 4100	3284	tasklist32.exe	85
PID 3284 wrote to memory of 4100	3284	tasklist32.exe	85

C:\Windows\SysWOW64\tasklist32.exe

Filesize
197KB

MD5
6229098b2812909eed88a3c1f426d99a

SHA1
d406fef8187bc097abe75c2631b518d04c0e0d9c

SHA256
bebf742e76ee22911307b7b62ee878e64729a02cc2c153713f99d93e38220b0f

SHA512
239f401175d7840b166f55b525f327b1a3be25877c38722aea29d98e72f0430695971336a568455b5a1fb9d99b070ef0596d0fe1e19e5b2345bd68beb9fb3565

Download Submit
memory/732-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/732-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/732-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3284-10-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/3284-9-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3284-20-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3284-22-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4100-14-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/4100-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download