37c929486b8a143bb7d5d1554da7d886513b1ef27e20dd32f0c84fa0a8f3c979

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 20:10

Target

05fa082dc6ed9d00e9e51c7555916657_JaffaCakes118.exe
Size

367KB
MD5

05fa082dc6ed9d00e9e51c7555916657
SHA1

95250a2f1a063a907eb8dd6adbfdbaa603445f9a
SHA256

37c929486b8a143bb7d5d1554da7d886513b1ef27e20dd32f0c84fa0a8f3c979
SHA512

765b32cf1f762108c04ca04fe6422bfe4c19e346715a6b00d09f165f63b3f9fb77f6ac0f6d0dd00f0b5c33d87758c26f227b87f326240c82752355d0c40c3feb
SSDEEP

6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+E:rTAOm5eyUnJmCzAXTzJR3RvK6lCwE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2360	756	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2360	756	05fa082dc6ed9d00e9e51c7555916657_JaffaCakes118.exe	28
PID 756 wrote to memory of 2360	756	05fa082dc6ed9d00e9e51c7555916657_JaffaCakes118.exe	28
PID 756 wrote to memory of 2360	756	05fa082dc6ed9d00e9e51c7555916657_JaffaCakes118.exe	28
PID 756 wrote to memory of 2360	756	05fa082dc6ed9d00e9e51c7555916657_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\05fa082dc6ed9d00e9e51c7555916657_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05fa082dc6ed9d00e9e51c7555916657_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 116
  2⤵
  - Program crash
  PID:2360

memory/756-0-0x0000000000F40000-0x0000000000FA0000-memory.dmp

Filesize
384KB

Download