24071cb5fe9165bf438776aa0c02d8c57745165081d5e0e7feace34819fe7a6a

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 22:10

Target

b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
Size

46KB
MD5

b56dd8c2abce8077d62a276e3497ce96
SHA1

0e0a3abed79cee281a95233a514d71796ca17d9b
SHA256

24071cb5fe9165bf438776aa0c02d8c57745165081d5e0e7feace34819fe7a6a
SHA512

ca2d98a32042a23e060e0cd966720db559ea281c5c32910259b41d43f992697a684fe14badab645277b72e11885fcde46a69a47934067e72962be2331faf2ffd
SSDEEP

768:MCCn3g/+4o+PW+zbWDLYtlQYqIJgSDqUSz9fkDjhdEzd:MCCn3g/z7/WDLYzZ+USxfkDjhY

Score

5^/10

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dsound.dll	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DllCache\dsound.dllvVqWF	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DllCache\dsound.dll	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dsound.dllvVqWF	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dsound.dll.mod	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dsound.dll.mod	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dsound.dllvVqWF	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system\vVqWF.DRV	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2944	2332	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2332	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2944	2332	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe	28
PID 2332 wrote to memory of 2944	2332	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe	28
PID 2332 wrote to memory of 2944	2332	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe	28
PID 2332 wrote to memory of 2944	2332	b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 96
  2⤵
  - Program crash
  PID:2944

C:\Users\Admin\AppData\Local\Temp\vVqWF.DRV

Filesize
32KB

MD5
dc1a5b37b9f5250acfa900b63bae8c67

SHA1
20a74a918b6fad06bbb4c0e99dc417b8cc579a67

SHA256
18bac98e82544f9f3aae55e73255bfdc64cc03b985192bbd7231e95f20b37a1b

SHA512
f2c88b5779b7847b46f0a7de3fbf7665a844c111bf273e8c7d3efa7644cffb412c9299eb45bbe0ad7266cc8e458567ef44805cceaebe64bdda18e70577c062ca

Download Submit