7c19e4521e9045b8dfadf8f75f8fac3783204440b56a4a44e61357bd81e5e5fe

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 16:27

Target

47053d093203bc64ab0899d7e324aa02_JaffaCakes118.exe
Size

459KB
MD5

47053d093203bc64ab0899d7e324aa02
SHA1

82f20dbba64b203c0b67c9a359e4792c2ea5dcc1
SHA256

7c19e4521e9045b8dfadf8f75f8fac3783204440b56a4a44e61357bd81e5e5fe
SHA512

00b6fea4305400f5ab408a1cba35be88004cbe706f27c88e3a316b34ac3e43af530b5cbb94dea10e34849e2481b511dc0d87fe6b9c0e646bfbb8d89adc9dccb1
SSDEEP

768:sSWF3SgG6B2rdcl5/7bVMfhZiomspC9xLB9ygzsHWRmyvZz:sH3SgG6UcL72fX2X9zsHVe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2576	2072	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2576	2072	47053d093203bc64ab0899d7e324aa02_JaffaCakes118.exe	29
PID 2072 wrote to memory of 2576	2072	47053d093203bc64ab0899d7e324aa02_JaffaCakes118.exe	29
PID 2072 wrote to memory of 2576	2072	47053d093203bc64ab0899d7e324aa02_JaffaCakes118.exe	29
PID 2072 wrote to memory of 2576	2072	47053d093203bc64ab0899d7e324aa02_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\47053d093203bc64ab0899d7e324aa02_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\47053d093203bc64ab0899d7e324aa02_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 556
  2⤵
  - Program crash
  PID:2576

memory/2072-0-0x00000000747CE000-0x00000000747CF000-memory.dmp

Filesize
4KB

Download
memory/2072-1-0x00000000003B0000-0x000000000042A000-memory.dmp

Filesize
488KB

Download