cbab6ff1adf2d822745051ea9c294fd01ff72a341c8a932ddddd202cd4fca80b

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 12:16

Target

2f0c999c6bab4af25f4e49885bf316cf_JaffaCakes118.exe
Size

427KB
MD5

2f0c999c6bab4af25f4e49885bf316cf
SHA1

ef78b2566c61975d12d3779852e0515ae442e335
SHA256

cbab6ff1adf2d822745051ea9c294fd01ff72a341c8a932ddddd202cd4fca80b
SHA512

1a537602398e4121e9a25c28b70f1fcab1bde3fc2d7467241a3b3ac5c25181af2e08baeeea03a4892abc97894887eaf80c8c0ce708e474821b072298e196e6d4
SSDEEP

6144:aiFUvYoYDm5v8DJtBTd8dbVTh2adDWAzuroj3zjlYL1Q3RN:aigYLm5EDJtBJ8hrlurovhfRN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2928	2180	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2928	2180	2f0c999c6bab4af25f4e49885bf316cf_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2928	2180	2f0c999c6bab4af25f4e49885bf316cf_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2928	2180	2f0c999c6bab4af25f4e49885bf316cf_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2928	2180	2f0c999c6bab4af25f4e49885bf316cf_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\2f0c999c6bab4af25f4e49885bf316cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f0c999c6bab4af25f4e49885bf316cf_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 116
  2⤵
  - Program crash
  PID:2928

memory/2180-0-0x0000000000F10000-0x0000000000F7F000-memory.dmp

Filesize
444KB

Download