f52f5a4f04627122f65d20cb5dce4b3ff47a4fa5f5e4c51c81de0868091e7522

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 10:59

Target

081d1d74b61c523ad2de6651574a0e8f_JaffaCakes118.exe
Size

14KB
MD5

081d1d74b61c523ad2de6651574a0e8f
SHA1

dc4624dafb5f42df026c4ce38664948da813c4f3
SHA256

f52f5a4f04627122f65d20cb5dce4b3ff47a4fa5f5e4c51c81de0868091e7522
SHA512

205379e06816b6ed1a6033c043299c58fb72615eb3e624460248954ea46c5df869b710f82a4887b955faaf137c0f66628fef5f7f8e31fb58b91a947490cfe46f
SSDEEP

384:xIrhZJ4C2RMq2JOadHOf2IsLKGBcPl7wAlj3evsO:xIrt2SqJaCCuplMAJ3evsO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2444	2200	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2444	2200	081d1d74b61c523ad2de6651574a0e8f_JaffaCakes118.exe	28
PID 2200 wrote to memory of 2444	2200	081d1d74b61c523ad2de6651574a0e8f_JaffaCakes118.exe	28
PID 2200 wrote to memory of 2444	2200	081d1d74b61c523ad2de6651574a0e8f_JaffaCakes118.exe	28
PID 2200 wrote to memory of 2444	2200	081d1d74b61c523ad2de6651574a0e8f_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\081d1d74b61c523ad2de6651574a0e8f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\081d1d74b61c523ad2de6651574a0e8f_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 36
  2⤵
  - Program crash
  PID:2444

memory/2200-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download