f81144981390a3f1affd03deec5beee1aa35cd03a9c934270df70ee6e41244d2

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 08:44

Target

155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe
Size

210KB
MD5

155eb18ddc435638627c4f6c16bec5f3
SHA1

4db4037df996d2c70a7deb6f60cdff88b2b65389
SHA256

f81144981390a3f1affd03deec5beee1aa35cd03a9c934270df70ee6e41244d2
SHA512

4860d15a7019c38c85f585387ccec236e31b038cf492e5219f36b3bd6b7ee8c9e6a61a722076e461bb9f301efd2ddce7b8b2a4d0cbcd4c0a17642cd2e40a512f
SSDEEP

6144:7AhLVS/7R20UPHx18p7I9IC84yqauU5CZEX0:71rUHxKlI99PauUoZO0

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1992	1652	155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe	28
PID 1652 wrote to memory of 1992	1652	155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe	28
PID 1652 wrote to memory of 1992	1652	155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe	28
PID 1652 wrote to memory of 2168	1652	155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe	29
PID 1652 wrote to memory of 2168	1652	155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe	29
PID 1652 wrote to memory of 2168	1652	155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\155eb18ddc435638627c4f6c16bec5f3_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 400
  2⤵
  PID:1992
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1652 -s 408
  2⤵
  PID:2168

memory/1652-0-0x000007FEF57CE000-0x000007FEF57CF000-memory.dmp

Filesize
4KB

Download
memory/1652-1-0x0000000000300000-0x0000000000308000-memory.dmp

Filesize
32KB

Download
memory/1652-2-0x000007FEF5510000-0x000007FEF5EAD000-memory.dmp

Filesize
9.6MB

Download
memory/1652-3-0x000007FEF5510000-0x000007FEF5EAD000-memory.dmp

Filesize
9.6MB

Download
memory/1652-4-0x000007FEF5510000-0x000007FEF5EAD000-memory.dmp

Filesize
9.6MB

Download
memory/1652-5-0x000007FEF57CE000-0x000007FEF57CF000-memory.dmp

Filesize
4KB

Download