Analysis
max time kernel: 166s
max time network: 141s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 17/04/2024, 19:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe
Resource
win10v2004-20240412-en
1 signatures
150 seconds
General
Target: f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe
Size: 29KB
MD5: f686165a8dc55edddecc1dd34ed6e587
SHA1: f8ce3bfd083ffd3f98f8054594a6f9478efa37dd
SHA256: 10da983863367bf5dfee24dd0d9a3d936d4be7d0537576bb56fef83f9e33f6e1
SHA512: fddbcf6165844f747d2d2bc461813bf1cb7bc9638b669ca5dca0958fcf65c2a39c34c621b9fad05c40d5f4d0d2f1d4bbd3e77c336692388082d6b8769e5de9df
SSDEEP: 768:UP6Kh9TOtIzwzhewEWNv71I2ztxqVkChd:Up9StIMEwE0D1I2zokChd
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
2576 | 2220 | WerFault.exe | 27
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2220 wrote to memory of 2576 | 2220 | f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe | 29
PID 2220 wrote to memory of 2576 | 2220 | f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe | 29
PID 2220 wrote to memory of 2576 | 2220 | f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe | 29
PID 2220 wrote to memory of 2576 | 2220 | f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe | 29
Processes
C:\Users\Admin\AppData\Local\Temp\f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f686165a8dc55edddecc1dd34ed6e587_JaffaCakes118.exe"
- Suspicious use of WriteProcessMemory
- PID: 2220
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 36
  - Program crash
  - PID: 2576