91f37bb3d230125ba9814dd8a594556eafe7a0979dc55e3f2eba540d625774b2

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 01:41

Target

fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe
Size

268KB
MD5

fe22ccef0643330f1b6875fb688dae9d
SHA1

303c2930a47e61c011014a1b34c60171f43db617
SHA256

91f37bb3d230125ba9814dd8a594556eafe7a0979dc55e3f2eba540d625774b2
SHA512

b84b0cb3d41be3e60db55d7d7866dc98142ca2b677982a28c8b707b1a3bcb8d8344bfac7e2e338039b735daf0c4b53e2229fcdbd327c899043e1945dada26674
SSDEEP

6144:RDlwz2Eu+yV2PL9JhCkjKV6MG31luID8NLJTPxhMbmNPjiiSen:RWMs0+z8tJTZhMii8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2600	2660	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2660	fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2600	2660	fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2600	2660	fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2600	2660	fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2600	2660	fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe22ccef0643330f1b6875fb688dae9d_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 188
  2⤵
  - Program crash
  PID:2600