2f1962aa04ad41b846f7f6b3b6f4a5aee6f1994cbd8ebac94661d0b85d10272a

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 09:37

Target

670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe
Size

139KB
MD5

670b9d7e43799a97b44e147460ad850e
SHA1

a7790f6db1fa40342bf26dca87b658cf5bab3672
SHA256

2f1962aa04ad41b846f7f6b3b6f4a5aee6f1994cbd8ebac94661d0b85d10272a
SHA512

5300c27a0934f3dae1b0c94e76b4c56f5463f62789597068064dbe95f52e4cfd197d78a8c597079445740c76f08934e3d76fd51f0b9ff2110a5569b2bd137cf7
SSDEEP

3072:rtGuBfd0yUYl06ZAlzB91zczKuPktGgBfd0yUYl06ZAls:kauPIeubYue

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2864 set thread context of 1944	2864	670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe	30

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1944	2864	670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1944	2864	670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1944	2864	670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1944	2864	670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1944	2864	670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1944	2864	670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Users\Admin\AppData\Local\Temp\670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\670b9d7e43799a97b44e147460ad850e_JaffaCakes118.exe"
  2⤵
  PID:1944

memory/1944-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1944-7-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2864-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2864-2-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2864-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2864-4-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2864-3-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/2864-9-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download