768468614d4b933c23f241eaf3880075cf0343bd0a2e1427c5ad14b970ff9d37 | Triage

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 19:13

Sharing

Report Analysis Logs

General

Target

0f35651396b883768a50661ece81bcac_JaffaCakes118.exe
Size

1.1MB
MD5

0f35651396b883768a50661ece81bcac
SHA1

66601b19a9b74c779b64aed7748479541e0c64a1
SHA256

768468614d4b933c23f241eaf3880075cf0343bd0a2e1427c5ad14b970ff9d37
SHA512

243a86b8355cc7c8f332a293ad2a2447e98a078232439c7386219b58ee250316f0566accaf6e8779169535a4f001ba3a38e46301ed747a864ebf91f7284f7b8a
SSDEEP

24576:y8Sl+glAnll+lkVi5yuUpeMc32Qb6j/ugbO:ynqnU

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3296	1048	WerFault.exe	82

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1180 set thread context of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82
PID 1180 wrote to memory of 1048	1180	0f35651396b883768a50661ece81bcac_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\0f35651396b883768a50661ece81bcac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f35651396b883768a50661ece81bcac_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  PID:1048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 12
    3⤵
    - Program crash
    PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1048 -ip 1048
1⤵
PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1180-2-0x0000000010000000-0x000000001012C000-memory.dmp

Filesize
1.2MB

Download