498135f7a78e8714e7c1c390042689b40ca82c1741e3ee6919315733cc9d0acf

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 14:57

Target

092fa7a6b0579e0214d92e8414d8c41e_JaffaCakes118.exe
Size

78KB
MD5

092fa7a6b0579e0214d92e8414d8c41e
SHA1

1fa0b414a7be972598693cc9986f25ff60aa40b8
SHA256

498135f7a78e8714e7c1c390042689b40ca82c1741e3ee6919315733cc9d0acf
SHA512

a5877d9f456e6702f14b220036f7bd040b9525a95e1936d1b2b6d315420f318710644d96a09821c4fe153afa24d7a60a4b359eb71f88beb2bdd9b471d451e35c
SSDEEP

1536:xIspIAHzosSmeBi4JdGpgGhj+paGzWLUG9qK4ELrCp:e38zo5rE47G2GlezWLUG9qaLrCp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2156	2952	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2156	2952	092fa7a6b0579e0214d92e8414d8c41e_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2156	2952	092fa7a6b0579e0214d92e8414d8c41e_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2156	2952	092fa7a6b0579e0214d92e8414d8c41e_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2156	2952	092fa7a6b0579e0214d92e8414d8c41e_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\092fa7a6b0579e0214d92e8414d8c41e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\092fa7a6b0579e0214d92e8414d8c41e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 88
  2⤵
  - Program crash
  PID:2156