Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
20-06-2024 06:41
Behavioral task
behavioral1
Sample
03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe
Resource
win7-20231129-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe
Resource
win10v2004-20240508-en
9 signatures
150 seconds
General
-
Target
03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe
-
Size
232KB
-
MD5
03b9785568f7a6fd0b5a1f4ea78452c1
-
SHA1
282c2f00bf6f475826e721b40ca79318d60145af
-
SHA256
25705af0a5b07fd75329f3f060a77849aab5c4a2bb93c4d3d5b4e30cdc7c5493
-
SHA512
41fd7866e09a36884680eaf2ef5e5d07b7849077a831b4686ba08293d007d0be7f86d4bccd83a7d39cf27dfcbf818b4536ce673ec481d62cbd187bdf6b29f3af
-
SSDEEP
6144:YkbtRFd4KupxxrYFOJghXs+q8Fpg7gQ8+:YkbtRFzun6KN8Fpgh
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2892 | 2232 | WerFault.exe | 03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe
description | pid | process | target process
PID 2232 wrote to memory of 2892 | 2232 | 03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe | WerFault.exe
PID 2232 wrote to memory of 2892 | 2232 | 03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe | WerFault.exe
PID 2232 wrote to memory of 2892 | 2232 | 03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe | WerFault.exe
PID 2232 wrote to memory of 2892 | 2232 | 03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03b9785568f7a6fd0b5a1f4ea78452c1_JaffaCakes118.exe"
- Suspicious use of WriteProcessMemory
PID:2232 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 96
- Program crash
PID:2892