bb9ab516e973cb2db51f3eeb64048120fea85885a5475904700555c43c21f6b6

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 18:58

Target

72efac316e1488ee2bc21003af7a135d_JaffaCakes118.exe
Size

602KB
MD5

72efac316e1488ee2bc21003af7a135d
SHA1

9ea10e3355da4fa1e9285a54ca5effb2dfb7ff50
SHA256

bb9ab516e973cb2db51f3eeb64048120fea85885a5475904700555c43c21f6b6
SHA512

a6a703da912608a9e1266a1e6d6f098fa9dea85a44e18acac2b3370d9928508c86415c09de7a64b33f808d8752ae24fa81e27236580a0792b151addb8a375194
SSDEEP

12288:Qmh0KIC9xpZj2dhfA8mRKymJ9lYZDHiNkeoWm:Nhp9xLj0OAymJKz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2612	1612	72efac316e1488ee2bc21003af7a135d_JaffaCakes118.exe	28
PID 1612 wrote to memory of 2612	1612	72efac316e1488ee2bc21003af7a135d_JaffaCakes118.exe	28
PID 1612 wrote to memory of 2612	1612	72efac316e1488ee2bc21003af7a135d_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\72efac316e1488ee2bc21003af7a135d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\72efac316e1488ee2bc21003af7a135d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1612 -s 732
  2⤵
  PID:2612

memory/1612-0-0x000007FEF51F3000-0x000007FEF51F4000-memory.dmp

Filesize
4KB

Download
memory/1612-1-0x0000000000230000-0x00000000002CE000-memory.dmp

Filesize
632KB

Download
memory/1612-2-0x00000000003D0000-0x0000000000428000-memory.dmp

Filesize
352KB

Download
memory/1612-3-0x000007FEF51F0000-0x000007FEF5BDC000-memory.dmp

Filesize
9.9MB

Download
memory/1612-4-0x000007FEF51F0000-0x000007FEF5BDC000-memory.dmp

Filesize
9.9MB

Download
memory/1612-5-0x000007FEF51F3000-0x000007FEF51F4000-memory.dmp

Filesize
4KB

Download
memory/1612-6-0x000007FEF51F0000-0x000007FEF5BDC000-memory.dmp

Filesize
9.9MB

Download