10e64d9114273042b92a19d7a785a99f2c18a2c40444663bee9fe672c8b0145c

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 13:31

Target

2f5a82adab7ea58882a9862934d434cb_JaffaCakes118.exe
Size

216KB
MD5

2f5a82adab7ea58882a9862934d434cb
SHA1

e34f167985a4a5b30cbce0e2588a95aab1f4c8e5
SHA256

10e64d9114273042b92a19d7a785a99f2c18a2c40444663bee9fe672c8b0145c
SHA512

a21fb4437ba6a5bdb1aa692d990eedeecd2cb1c59843d5b98d420be5df6034378789795d8cc2c9de5f88a847099d941adee7c5fc879ef8de74c171b1811d4c7c
SSDEEP

3072:RBf/D27DaOAFYEAzr7A6SZ5TGd8dqAWV1/e6U6VR+6M5UVdx/UqJD34ZuGDgYr6F:DfKiOAcXgqbvlJmL5UVdfIuBYrDB7PqD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	2724	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2916	2724	2f5a82adab7ea58882a9862934d434cb_JaffaCakes118.exe	29
PID 2724 wrote to memory of 2916	2724	2f5a82adab7ea58882a9862934d434cb_JaffaCakes118.exe	29
PID 2724 wrote to memory of 2916	2724	2f5a82adab7ea58882a9862934d434cb_JaffaCakes118.exe	29
PID 2724 wrote to memory of 2916	2724	2f5a82adab7ea58882a9862934d434cb_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\2f5a82adab7ea58882a9862934d434cb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f5a82adab7ea58882a9862934d434cb_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 104
  2⤵
  - Program crash
  PID:2916

memory/2724-0-0x00000000008C0000-0x00000000008CD000-memory.dmp

Filesize
52KB

Download
memory/2724-1-0x00000000008C0000-0x00000000008CD000-memory.dmp

Filesize
52KB

Download