c69d7f09374b8475dcb1143e76ac228003a4961c1e0c5264e824ee7b68f877b0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 12:31

Target

1604019f0dc01d2b26bb5860eb7e2139_JaffaCakes118.exe
Size

123KB
MD5

1604019f0dc01d2b26bb5860eb7e2139
SHA1

7cfc7dde93294d64a0a9dce633c95bf7091f549c
SHA256

c69d7f09374b8475dcb1143e76ac228003a4961c1e0c5264e824ee7b68f877b0
SHA512

94bebb6faddb81ca5bb792db9185e70a08dded5b374117e75e44eb9a5afbaca6d6a7ab51f72526f9c58bafff35d93e8cc779e9b298bea59d6febff24be200438
SSDEEP

3072:ZMsRCP4BP+Y393v/NGmhTT9pKKNqzkz1EamzA82B:ZVRETYN/g4TDKKmkZEaiu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2100	1988	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2100	1988	1604019f0dc01d2b26bb5860eb7e2139_JaffaCakes118.exe	28
PID 1988 wrote to memory of 2100	1988	1604019f0dc01d2b26bb5860eb7e2139_JaffaCakes118.exe	28
PID 1988 wrote to memory of 2100	1988	1604019f0dc01d2b26bb5860eb7e2139_JaffaCakes118.exe	28
PID 1988 wrote to memory of 2100	1988	1604019f0dc01d2b26bb5860eb7e2139_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1604019f0dc01d2b26bb5860eb7e2139_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1604019f0dc01d2b26bb5860eb7e2139_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 36
  2⤵
  - Program crash
  PID:2100

memory/1988-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1988-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download