ccba8c7bca8ea43eb2f48144405978a6cee6fb3972d879c496432f4b962f00f3

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 18:37

Target

08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe
Size

60KB
MD5

08b57e9d5f73425036289a92d26ca3a7
SHA1

39bf6ab358bec7073df508fd9c18131adea9d6bf
SHA256

ccba8c7bca8ea43eb2f48144405978a6cee6fb3972d879c496432f4b962f00f3
SHA512

addbf78f266a32557e44bec0a849e5d33d27fa219a1ba710df8da7d63988f760b86d749b182dbfcdafdefe835143815f33290db1f0bf19b2b76d7c7021032b7f
SSDEEP

768:Lih+Zmcc7ir+q2MP92T/Sk+tvDg1FSOEPHS9Tc2SB4Rm3R:LiEwccu+IlbE/EPHS9c28

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2084	123.exe

Loads dropped DLL 5 IoCs

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2608	2084	WerFault.exe	28
2676	1764	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2084	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	28
PID 1764 wrote to memory of 2084	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	28
PID 1764 wrote to memory of 2084	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	28
PID 1764 wrote to memory of 2084	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	28
PID 2084 wrote to memory of 2608	2084	123.exe	29
PID 2084 wrote to memory of 2608	2084	123.exe	29
PID 2084 wrote to memory of 2608	2084	123.exe	29
PID 2084 wrote to memory of 2608	2084	123.exe	29
PID 1764 wrote to memory of 2676	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	30
PID 1764 wrote to memory of 2676	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	30
PID 1764 wrote to memory of 2676	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	30
PID 1764 wrote to memory of 2676	1764	08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08b57e9d5f73425036289a92d26ca3a7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\123.exe
  C:\Users\Admin\AppData\Local\Temp\\123.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 36
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 44
  2⤵
  - Program crash
  PID:2676

\Users\Admin\AppData\Local\Temp\123.exe

Filesize
9KB

MD5
2599d7d285edeee81a5dc8636deba5b3

SHA1
ad631fe0b1f6728a6932539070b93a1ffd2ad2c8

SHA256
9da138e5d72265e342be0ab2a4ac33ca4263c1a964cd9ada261b9bf76420c5d0

SHA512
b99dcee498835920502c133151a2efa16a1330b970fa01d2162d0c1d2741f68a641fcdbdfa8f982deeed2311f20ff4916ffcceea826c14f54ae2ac43b2fe000d

Download Submit
memory/1764-0-0x0000000000320000-0x0000000000336000-memory.dmp

Filesize
88KB

Download
memory/1764-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1764-19-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2084-17-0x0000000000400000-0x0000000000402600-memory.dmp

Filesize
9KB

Download