fb2029e095a8e777d51894f38da6e80029bdf6b1914d33c31515daf599e0c28a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 16:04

Target

f3d4348ad1c3d47f3924d6585f100879_JaffaCakes118.exe
Size

23KB
MD5

f3d4348ad1c3d47f3924d6585f100879
SHA1

c2bb407a5c79dab92a7e416f9c39f1d0fb27623f
SHA256

fb2029e095a8e777d51894f38da6e80029bdf6b1914d33c31515daf599e0c28a
SHA512

635ec6744e6549aa1975095c676f713778693f5fe8f2621082c12bf72114c81c6f2078e66cf43fbd7438060526d35bd8ba45d9a32b1b6facfed32c40695d8336
SSDEEP

384:3zHl3Tc43J6o+ydXlxs9otWjpmly4u/+Xi2IhzJB0rXE/ELfFROn6W4zW:D5TtglydXlptkjRsi2IpJB0rXE09ROE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2832	1800	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 2832	1800	f3d4348ad1c3d47f3924d6585f100879_JaffaCakes118.exe	28
PID 1800 wrote to memory of 2832	1800	f3d4348ad1c3d47f3924d6585f100879_JaffaCakes118.exe	28
PID 1800 wrote to memory of 2832	1800	f3d4348ad1c3d47f3924d6585f100879_JaffaCakes118.exe	28
PID 1800 wrote to memory of 2832	1800	f3d4348ad1c3d47f3924d6585f100879_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\f3d4348ad1c3d47f3924d6585f100879_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f3d4348ad1c3d47f3924d6585f100879_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 44
  2⤵
  - Program crash
  PID:2832

memory/1800-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download