133e21e07ea5741c212b8ca181b61e6255cc5c9412d7f83baa18d7eb90c2db18

Analysis

max time kernel
135s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:28

Target

68da20c81fba9c4c59b2979f38894352_JaffaCakes118.exe
Size

204KB
MD5

68da20c81fba9c4c59b2979f38894352
SHA1

4a1a2640746caafbf84e804142a7b6368b2c1338
SHA256

133e21e07ea5741c212b8ca181b61e6255cc5c9412d7f83baa18d7eb90c2db18
SHA512

18ce9e01bb07567602cd43c834f43d63f20881b9f02dcda86139abed013959d8a8990b4df7ad1992ac375a93658b663ad37a312f0ecbf5be102a2151fb66dfce
SSDEEP

6144:BpG4ONMNrtop6hoKNSyJD3O+Uk9qjE4k:BU7NMNr+GNZJDDUk9mb

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1020 4480 WerFault.exe 68da20c81fba9c4c59b2979f38894352_JaffaCakes118.exe

pid	pid_target	process	target process
1020	4480	WerFault.exe	68da20c81fba9c4c59b2979f38894352_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

68da20c81fba9c4c59b2979f38894352_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\68da20c81fba9c4c59b2979f38894352_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68da20c81fba9c4c59b2979f38894352_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 584
2⤵
- Program crash
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4480 -ip 4480
1⤵
PID:5028

memory/4480-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4480-1-0x000000000040A000-0x0000000000410000-memory.dmp

Filesize
24KB

Download
memory/4480-3-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download