414827656b8ff8c401db2f34db34a50872ac93d292bce52358b901fbc7aa8dca

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 12:48

Target

ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe
Size

272KB
MD5

ae80242d735df3029d265dfbada057d9
SHA1

0323d16d4d93ab0db9a44a8650b7f316e2f447fe
SHA256

414827656b8ff8c401db2f34db34a50872ac93d292bce52358b901fbc7aa8dca
SHA512

377dd57854615b6526eacfbc3f1b6f6c8edafca3a017d6c987bdf5e434540d0e8a0cefadf426aee883ddf84b255145b99ec74b78ae892af16b0fea183778ea4b
SSDEEP

1536:IxNMUrYmT143/KZVvCkeRuCr62MeGcZD6vDCeUbUrYmT143/KZVvCkeRuCr62K:4NMYTauGruUitUbYTauGrE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2584	1468	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1468	ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2584	1468	ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe	28
PID 1468 wrote to memory of 2584	1468	ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe	28
PID 1468 wrote to memory of 2584	1468	ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe	28
PID 1468 wrote to memory of 2584	1468	ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae80242d735df3029d265dfbada057d9_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 1208
  2⤵
  - Program crash
  PID:2584

memory/1468-0-0x0000000074D6E000-0x0000000074D6F000-memory.dmp

Filesize
4KB

Download
memory/1468-1-0x0000000000FF0000-0x000000000103A000-memory.dmp

Filesize
296KB

Download
memory/1468-2-0x0000000074D60000-0x000000007544E000-memory.dmp

Filesize
6.9MB

Download
memory/1468-3-0x0000000074D6E000-0x0000000074D6F000-memory.dmp

Filesize
4KB

Download
memory/1468-4-0x0000000074D60000-0x000000007544E000-memory.dmp

Filesize
6.9MB

Download