26ec8ea68eca0d4626bbd1dc76fead90d8355736c6585f1111c96027fbc2692b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 11:57

Target

0dfaa7f10ae2a8067e2a1f976ce1d9da_JaffaCakes118.exe
Size

68KB
MD5

0dfaa7f10ae2a8067e2a1f976ce1d9da
SHA1

99b95d32b5175722d43b5c668708a929573a69ae
SHA256

26ec8ea68eca0d4626bbd1dc76fead90d8355736c6585f1111c96027fbc2692b
SHA512

571ff032a67c1112231c7cbd6d17512bdd6bc86608e0776ce1c3b3c0827bcde9e276adf0290edaa9763e88d7b56d1f26b0eacd72cbacc6d2d5e3be483a8e115a
SSDEEP

1536:XP7LRKwkSkbTBKSN9WCFflhv+TGq/2dpLoT2lQ/VP/qe:HoqkbTRHXQiquMqidCe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1636	1576	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 1636	1576	0dfaa7f10ae2a8067e2a1f976ce1d9da_JaffaCakes118.exe	28
PID 1576 wrote to memory of 1636	1576	0dfaa7f10ae2a8067e2a1f976ce1d9da_JaffaCakes118.exe	28
PID 1576 wrote to memory of 1636	1576	0dfaa7f10ae2a8067e2a1f976ce1d9da_JaffaCakes118.exe	28
PID 1576 wrote to memory of 1636	1576	0dfaa7f10ae2a8067e2a1f976ce1d9da_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\0dfaa7f10ae2a8067e2a1f976ce1d9da_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0dfaa7f10ae2a8067e2a1f976ce1d9da_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 148
  2⤵
  - Program crash
  PID:1636