13e2a3ce3de5673f5adc2e86b568c5d151b10efa047ae8811aac668e75421176

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 12:51

Target

86d12ab12db3d8ceab70b50072f7ae07JaffaCakes118.exe
Size

615KB
MD5

86d12ab12db3d8ceab70b50072f7ae07
SHA1

13b0e70caa4a6e9691ebc720e90316f23f707be4
SHA256

13e2a3ce3de5673f5adc2e86b568c5d151b10efa047ae8811aac668e75421176
SHA512

2516a875f9547caa57b27512cb76cbf014c6c265b7793640b584f79312fe0b87c55b4e35eb8650e7e8e194c8cbcae2af00584ebf52c576121b283a204334d488
SSDEEP

12288:UXSdAJkZe8kxLsaRKTEqd818JpWG3/h8sDFnbSAe+V3tkK99999999999MA:Uy8T8kODd8uJpWgDJM+7999999999997

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1672	2400	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 1672	2400	86d12ab12db3d8ceab70b50072f7ae07JaffaCakes118.exe	28
PID 2400 wrote to memory of 1672	2400	86d12ab12db3d8ceab70b50072f7ae07JaffaCakes118.exe	28
PID 2400 wrote to memory of 1672	2400	86d12ab12db3d8ceab70b50072f7ae07JaffaCakes118.exe	28
PID 2400 wrote to memory of 1672	2400	86d12ab12db3d8ceab70b50072f7ae07JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\86d12ab12db3d8ceab70b50072f7ae07JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\86d12ab12db3d8ceab70b50072f7ae07JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 304
  2⤵
  - Program crash
  PID:1672