f4e51f1737ab1013f9f45465b7c68d74096b6bb2b7e03fc5506321d987fd5144

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 16:50

Target

ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118.exe
Size

2.3MB
MD5

ffbc94a88f6dfaa56a9ccfba40a95d2d
SHA1

56f4c2c515f765c020795d4f08d589449b30ca7b
SHA256

f4e51f1737ab1013f9f45465b7c68d74096b6bb2b7e03fc5506321d987fd5144
SHA512

2ef4db6d35f25b4ace8c8ce44f2ea2653b0b8ae40ae02bb1a5316e4dac1d07dce1b02669df85cb90f0ef24f57d94de42077cc64849e3f582a2a6e998d39d6a1d
SSDEEP

49152:l0g7mM+M6RkMkIM7I067SlYvoGxUSJpXDwZqhaK6zbfqdl:EM+M6RkMkIM7zsRXEx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2756	2028	ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118.exe	28
PID 2028 wrote to memory of 2756	2028	ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118.exe	28
PID 2028 wrote to memory of 2756	2028	ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2028 -s 192
  2⤵
  PID:2756