36af732ab60477ac753e2a6f351d8ce3c890c956d59d3d67d3b67de9ef3eaab0

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 09:38

Target

670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
Size

14.0MB
MD5

670d09cb80ff2435e3976253ef231357
SHA1

694e711650bffa261a1a39f08dd939b9fdb298c5
SHA256

36af732ab60477ac753e2a6f351d8ce3c890c956d59d3d67d3b67de9ef3eaab0
SHA512

b58dda29d0d83b59449274503e8efa02ad341a6849954db1da0865525f782fc00ae888e6b5a150f6eb3b4a572bf901521e5afcac8e3905db3f68e5af1a8eabab
SSDEEP

196608:oL0LNLnZLcLo1L0LNLnsLNL4LfsLN0LNLnsLNLO:q

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2968	zayxz.exe

Loads dropped DLL 2 IoCs

pid	Process
1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1176 set thread context of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31
PID 1176 wrote to memory of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31
PID 1176 wrote to memory of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31
PID 1176 wrote to memory of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31
PID 1176 wrote to memory of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31
PID 1176 wrote to memory of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31
PID 1176 wrote to memory of 2968	1176	670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Users\Admin\AppData\Local\Temp\zayxz.exe
  C:\Users\Admin\AppData\Local\Temp\zayxz.exe
  2⤵
  - Executes dropped EXE
  PID:2968

\Users\Admin\AppData\Local\Temp\zayxz.exe

Filesize
19.3MB

MD5
7357f2b8e5208955948835deac4be346

SHA1
a5a77b471149f1ee78a805eda4946e5879129513

SHA256
dba8949a396e62d25ea8c5f0baecb642262a23b8fa09689139484bf5a537bb67

SHA512
ecb5c24814abf8c589c00312f39f7791d8f23f86a2cd0b8835a6134c375548b41d4360f69b83820b2a7936d5be358121aceec33cf61351835e3bdd0e8797fc29

Download Submit
memory/1176-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1176-18-0x0000000000400000-0x00000000004A00F8-memory.dmp

Filesize
640KB

Download
memory/2968-8-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/2968-16-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/2968-14-0x00000000001B0000-0x00000000002B7000-memory.dmp

Filesize
1.0MB

Download
memory/2968-12-0x00000000001B0000-0x00000000002B7000-memory.dmp

Filesize
1.0MB

Download
memory/2968-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download