c09e7b3a9a9b260ac73c68acacae11f8a5ea55361dcc2085779ef721dccd7806

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 04:01

Target

f0428f3fc4eafdcfe5f9eba46435fba5_JaffaCakes118.exe
Size

124KB
MD5

f0428f3fc4eafdcfe5f9eba46435fba5
SHA1

e270e59448a4dd331a38fd76d7c6766e3c0c47a8
SHA256

c09e7b3a9a9b260ac73c68acacae11f8a5ea55361dcc2085779ef721dccd7806
SHA512

231e1408350c893cb858f6f2e9ce64cd5a4fac01a4e18b45b25ac5f99882c90660989a940ea613adbd5280ea230ef46ea51343036b9c15ba5c10fcddfafc01a5
SSDEEP

3072:ewpOTdaxgmSKUqvkvCFWTPFac1YEVFO1mCEb/mrZMxpib:ewpOTUKjrvbjr+mdC+pib

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
380	2340	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 380	2340	f0428f3fc4eafdcfe5f9eba46435fba5_JaffaCakes118.exe	28
PID 2340 wrote to memory of 380	2340	f0428f3fc4eafdcfe5f9eba46435fba5_JaffaCakes118.exe	28
PID 2340 wrote to memory of 380	2340	f0428f3fc4eafdcfe5f9eba46435fba5_JaffaCakes118.exe	28
PID 2340 wrote to memory of 380	2340	f0428f3fc4eafdcfe5f9eba46435fba5_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\f0428f3fc4eafdcfe5f9eba46435fba5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0428f3fc4eafdcfe5f9eba46435fba5_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 36
  2⤵
  - Program crash
  PID:380

memory/2340-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2340-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download