e70bfe82bb7506c4fdd23208ff4b590c8ca794d54f97fdf3b91d52e81494acc8

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 09:43

Target

feff0c4c41edc79e0ca11e5ea2ac24d3_JaffaCakes118.exe
Size

103KB
MD5

feff0c4c41edc79e0ca11e5ea2ac24d3
SHA1

8df8e82e709fdb97e6a1e81258f57e7dd49c6358
SHA256

e70bfe82bb7506c4fdd23208ff4b590c8ca794d54f97fdf3b91d52e81494acc8
SHA512

40e6a948aab4c36e8cbb1c9fcd09c6c90421d12bdb8008f88e34c6502396367ed56da6829f89e543a11050ba7a25bd2bad82014e0a7f3f7455c59a6e5be8988b
SSDEEP

1536:hVGmc58YlO3EatgeAvh5srqw/Fyf/ppRDJW:hYmqlqVqTvbsOaFyfxrJW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
400	2356	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 400	2356	feff0c4c41edc79e0ca11e5ea2ac24d3_JaffaCakes118.exe	28
PID 2356 wrote to memory of 400	2356	feff0c4c41edc79e0ca11e5ea2ac24d3_JaffaCakes118.exe	28
PID 2356 wrote to memory of 400	2356	feff0c4c41edc79e0ca11e5ea2ac24d3_JaffaCakes118.exe	28
PID 2356 wrote to memory of 400	2356	feff0c4c41edc79e0ca11e5ea2ac24d3_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\feff0c4c41edc79e0ca11e5ea2ac24d3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\feff0c4c41edc79e0ca11e5ea2ac24d3_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 44
  2⤵
  - Program crash
  PID:400

memory/2356-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2356-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download