90a66767c5bd1a6e787af0be34fcc4070521f8f42f0c8f18ef2ec2c44db2dcfe

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 22:44

Target

0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe
Size

544KB
MD5

0fcdeef8b097e5736ee07464ffb0ffa4
SHA1

f6fd6f149f213e5c5ca129676ba70c6f13d31dad
SHA256

90a66767c5bd1a6e787af0be34fcc4070521f8f42f0c8f18ef2ec2c44db2dcfe
SHA512

9899a4466db0585ed59b92ab7d24cc98f7ebf8d4bbea0da70ae4e5757b03d2231c9cea76ad00f039cfec6500780e7d86bebc72d6a1b5dc88ee750e022759b646
SSDEEP

12288:yQIWT/UzJW8ivxh7vHzgryd4GT1QOoJqbbEUqe9mJd/uB28Rr8O9F8/CwM:yQI+cJHiJRTHnxhUqEhe9suB2C8O9O

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	1640	WerFault.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1640	0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2012	1640	0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe	28
PID 1640 wrote to memory of 2012	1640	0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe	28
PID 1640 wrote to memory of 2012	1640	0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe	28
PID 1640 wrote to memory of 2012	1640	0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fcdeef8b097e5736ee07464ffb0ffa4_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 196
  2⤵
  - Program crash
  PID:2012