496968ca5391d12c88b93b35c966ae3a1b7db8d59d08f556cb487e25ed7354ec

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 00:35

Target

2c79a812c30a7f542d652ffa5ded94e8_JaffaCakes118.exe
Size

4.0MB
MD5

2c79a812c30a7f542d652ffa5ded94e8
SHA1

e61f60b11cc99eab2dc9c0a7c0292d1c08e9d5ac
SHA256

496968ca5391d12c88b93b35c966ae3a1b7db8d59d08f556cb487e25ed7354ec
SHA512

34afe08535849909a8c692037b97d3da75b33aec2908668648dd344cb7d87543c1b75f08dfe36ac684619407e7ab4d45fc0fa8244e899a336d663b86c48ce9a3
SSDEEP

49152:IfwWxKxQGF3J+Exst6upmvWN2Wrq/859+Z23YCzQQS:uxi33J+G2pm+4W2/NCbM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2936	2488	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2936	2488	2c79a812c30a7f542d652ffa5ded94e8_JaffaCakes118.exe	28
PID 2488 wrote to memory of 2936	2488	2c79a812c30a7f542d652ffa5ded94e8_JaffaCakes118.exe	28
PID 2488 wrote to memory of 2936	2488	2c79a812c30a7f542d652ffa5ded94e8_JaffaCakes118.exe	28
PID 2488 wrote to memory of 2936	2488	2c79a812c30a7f542d652ffa5ded94e8_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\2c79a812c30a7f542d652ffa5ded94e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2c79a812c30a7f542d652ffa5ded94e8_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 520
  2⤵
  - Program crash
  PID:2936

memory/2488-0-0x000000007496E000-0x000000007496F000-memory.dmp

Filesize
4KB

Download
memory/2488-1-0x0000000000280000-0x000000000067A000-memory.dmp

Filesize
4.0MB

Download
memory/2488-2-0x000000007496E000-0x000000007496F000-memory.dmp

Filesize
4KB

Download