Analysis
max time kernel: 140s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/05/2024, 17:43
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe
Resource: win7-20240215-en
13 signatures, 150 seconds

Behavioral task
behavioral2
Sample: 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe
Resource: win10v2004-20240508-en
3 signatures, 150 seconds
General
Target: 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe
Size: 280KB
MD5: 55ffe018217e8cdde891133f41a7b22d
SHA1: b3ed8200e109995eda3e2890590a178bd9003bbd
SHA256: 5405b2fa05629ab2428d27fbca090291ec0c6aeac7db047f173389c78045e2a3
SHA512: fc59f92163c8fe346c8950650acdceb77887fa42b5d947f2d7e88c3b5c5584c1528c044a8a3666c75e95c020fe0d55fc7f18d2318af6c48de9ccbcb8b49aa3bd
SSDEEP: 6144:uFOHQ2pwEABfJg8tCzY9WntCHUJjJMqntbOnqM:Vw2pwFRgACz4WntBQqM
Score: 5/10
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoCs)
description | pid | Process | procid_target
PID 4792 set thread context of 4936 | 4792 | 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe | 83

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
4132 | 4936 | WerFault.exe | 83

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 4792 wrote to memory of 4936 | 4792 | 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe | 83
PID 4792 wrote to memory of 4936 | 4792 | 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe | 83
PID 4792 wrote to memory of 4936 | 4792 | 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe | 83
PID 4792 wrote to memory of 4936 | 4792 | 55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe | 83
Processes

C:\Users\Admin\AppData\Local\Temp\55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe"
  PID: 4792
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\55ffe018217e8cdde891133f41a7b22d_JaffaCakes118.exe"
    PID: 4936

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 80
      PID: 4132
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4936 -ip 4936
  PID: 348