44e5cc18287dcbf4159fd906f4ebaf390782db9079a89c387129ec2796aa3415

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 06:04

Target

ecd155002c86e9d6345fad7b1a57ce4d_JaffaCakes118.exe
Size

91KB
MD5

ecd155002c86e9d6345fad7b1a57ce4d
SHA1

a1750593b495bdb1323416247cb4aea76795796d
SHA256

44e5cc18287dcbf4159fd906f4ebaf390782db9079a89c387129ec2796aa3415
SHA512

c379c38c43d0e26c4d43a6a31fe5f93b9743d4547d36bcce13a9e06451f77fb4342dcb122226821710ac8ad8a06b9022aaba4c7c0d029b2efa00cbb79f65b0c1
SSDEEP

1536:KdLEO4TeqI4D/w/S8yYVDcBuuYSQMxZXB448oIO7V2TXbE59sVg0xdy7sdj:gfsewY/S8y4Qh5L58AKXbnfdywB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
112	1216	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 112	1216	ecd155002c86e9d6345fad7b1a57ce4d_JaffaCakes118.exe	28
PID 1216 wrote to memory of 112	1216	ecd155002c86e9d6345fad7b1a57ce4d_JaffaCakes118.exe	28
PID 1216 wrote to memory of 112	1216	ecd155002c86e9d6345fad7b1a57ce4d_JaffaCakes118.exe	28
PID 1216 wrote to memory of 112	1216	ecd155002c86e9d6345fad7b1a57ce4d_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\ecd155002c86e9d6345fad7b1a57ce4d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ecd155002c86e9d6345fad7b1a57ce4d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 92
  2⤵
  - Program crash
  PID:112