303ed3320d5f9d4bb282129f8491a9d753228131442b6b5d047af2228ea6928c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 02:23

Target

0c09f5101e8d08bce301b31016749dfe_JaffaCakes118.exe
Size

173KB
MD5

0c09f5101e8d08bce301b31016749dfe
SHA1

42e74d36934ea5136bbf914d85aa93eb72596df6
SHA256

303ed3320d5f9d4bb282129f8491a9d753228131442b6b5d047af2228ea6928c
SHA512

cfe171d0fe26ff0d949751db33c58b07b220b6ff4d3cf3970a2be74cdd3d60074ece3a4da8ddb289a3ee13ab5c9154cb41ae98bfd8b0c55f0dee51d7e96b7914
SSDEEP

3072:bqh4qKgVOKrlJidWlAgzW4k7aSlVaRsPhRwyiNz5miyg99:Ghxf8WIhPhOyipciy

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\exp1orers.exe	0c09f5101e8d08bce301b31016749dfe_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2968	exp1orers.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	2968	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 3032	2968	exp1orers.exe	29
PID 2968 wrote to memory of 3032	2968	exp1orers.exe	29
PID 2968 wrote to memory of 3032	2968	exp1orers.exe	29
PID 2968 wrote to memory of 3032	2968	exp1orers.exe	29

C:\Users\Admin\AppData\Local\Temp\0c09f5101e8d08bce301b31016749dfe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0c09f5101e8d08bce301b31016749dfe_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
PID:2944

C:\Windows\SysWOW64\drivers\exp1orers.exe
C:\Windows\SysWOW64\drivers\exp1orers.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 200
  2⤵
  - Program crash
  PID:3032

C:\Windows\SysWOW64\drivers\exp1orers.exe

Filesize
173KB

MD5
0c09f5101e8d08bce301b31016749dfe

SHA1
42e74d36934ea5136bbf914d85aa93eb72596df6

SHA256
303ed3320d5f9d4bb282129f8491a9d753228131442b6b5d047af2228ea6928c

SHA512
cfe171d0fe26ff0d949751db33c58b07b220b6ff4d3cf3970a2be74cdd3d60074ece3a4da8ddb289a3ee13ab5c9154cb41ae98bfd8b0c55f0dee51d7e96b7914

Download Submit
memory/2944-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2944-8-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2968-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download