38902c439b36551d3bbb2701e11f8042b421ee1487066a20f639ec4d93eb6a1d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 15:31

Target

edc0e52612090a41a91abdd761350839_JaffaCakes118.exe
Size

3.4MB
MD5

edc0e52612090a41a91abdd761350839
SHA1

ac911c4ae4f5837ffee6b4d49c875a35c908c0b7
SHA256

38902c439b36551d3bbb2701e11f8042b421ee1487066a20f639ec4d93eb6a1d
SHA512

1bed6619e481f0fbd921eadf51f1c208ff04fa5c3a46e40d0c9a946063d645ed674939500dffeb7c4deb7369b1bbc5ff1cae71bbb92a3772e9bb27b377f9cdfa
SSDEEP

49152:TyWhofbfKx/wCGZ1facu40S/zNCYhvdpLKhATeD:dKzf3DfS40S/B1TBK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2488	2020	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2488	2020	edc0e52612090a41a91abdd761350839_JaffaCakes118.exe	28
PID 2020 wrote to memory of 2488	2020	edc0e52612090a41a91abdd761350839_JaffaCakes118.exe	28
PID 2020 wrote to memory of 2488	2020	edc0e52612090a41a91abdd761350839_JaffaCakes118.exe	28
PID 2020 wrote to memory of 2488	2020	edc0e52612090a41a91abdd761350839_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\edc0e52612090a41a91abdd761350839_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\edc0e52612090a41a91abdd761350839_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 88
  2⤵
  - Program crash
  PID:2488

memory/2020-0-0x0000000000400000-0x00000000007F4000-memory.dmp

Filesize
4.0MB

Download
memory/2020-1-0x0000000000400000-0x00000000007F4000-memory.dmp

Filesize
4.0MB

Download