f67652adbe1129cf52cf352847f5134cd44f43afe59d7c3fa6b5f0bedfac29b2

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 15:44

Target

07698a4b9204c1f1d7a890ab2850123f_JaffaCakes118.exe
Size

49KB
MD5

07698a4b9204c1f1d7a890ab2850123f
SHA1

3c563ec0c05738c5817bec0b1d80538339ecf244
SHA256

f67652adbe1129cf52cf352847f5134cd44f43afe59d7c3fa6b5f0bedfac29b2
SHA512

99446d7e518199772ba1e1848835f68294644e1f851a8398b20862c17e9467ec4e518b87dce4252c09e3b7c8972cd8a1a6e3c2ab1d191107c9b1cea6104804f2
SSDEEP

768:s/3YaJPKMdPXUHhe/yDDZ7ebjhcIeYMlN3rrM17+n6G68ZqMH0UFJ:svlJPKM5UHhesZ7wCYwNsljGhYUX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2440	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2440	2024	07698a4b9204c1f1d7a890ab2850123f_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2440	2024	07698a4b9204c1f1d7a890ab2850123f_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2440	2024	07698a4b9204c1f1d7a890ab2850123f_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2440	2024	07698a4b9204c1f1d7a890ab2850123f_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\07698a4b9204c1f1d7a890ab2850123f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\07698a4b9204c1f1d7a890ab2850123f_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 152
  2⤵
  - Program crash
  PID:2440

memory/2024-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2024-1-0x00000000003A0000-0x00000000003A5000-memory.dmp

Filesize
20KB

Download
memory/2024-2-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download