Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
27-04-2024 22:48
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
03cd677ade795523079550780796e17f_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
03cd677ade795523079550780796e17f_JaffaCakes118.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
03cd677ade795523079550780796e17f_JaffaCakes118.exe
-
Size
226KB
-
MD5
03cd677ade795523079550780796e17f
-
SHA1
0958a177a5ccae58bfa36283d543cafb57ea0d20
-
SHA256
155f8eabfe25025ab066898838f32f266641e947863db373b9b699d2c76407a1
-
SHA512
609beb89ee59cbc2adf1a6ed58ed4c26c311d7073c5c7a081e38c7d7dde7a049c4e6f9ebc04f73105cd86ea4681344aec72791fde29bfc38332c9c517a603063
-
SSDEEP
6144:GH8U95EB1TQ5iW3lf5k3ExI5DsG/CjB5R6IbPoFFWiWb:S8U9SB1ToR3Z5k0xI5DspjBX6KPSFQb
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2808 2756 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2756 wrote to memory of 2808 2756 03cd677ade795523079550780796e17f_JaffaCakes118.exe 28 PID 2756 wrote to memory of 2808 2756 03cd677ade795523079550780796e17f_JaffaCakes118.exe 28 PID 2756 wrote to memory of 2808 2756 03cd677ade795523079550780796e17f_JaffaCakes118.exe 28 PID 2756 wrote to memory of 2808 2756 03cd677ade795523079550780796e17f_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\03cd677ade795523079550780796e17f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\03cd677ade795523079550780796e17f_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 1002⤵
- Program crash
PID:2808
-