63a363d28c3e2a2e54fffca23d9cc04ac1ae8c4ec8a31bd0bbae4dcb24fe6602

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 13:49

Target

1639e4cf613345b4d42c0bdffbcc3c9e_JaffaCakes118.exe
Size

32KB
MD5

1639e4cf613345b4d42c0bdffbcc3c9e
SHA1

e8ef5969627c97fae6eb19062ea2c0a4d7eaf717
SHA256

63a363d28c3e2a2e54fffca23d9cc04ac1ae8c4ec8a31bd0bbae4dcb24fe6602
SHA512

51db70bb7b14c84c583098c501421d55bfd9df85f991eb622f18525964eeb6c3f2018362596d153ca23bd593308cb5f77735895a96a71fd35e7a50f44d138442
SSDEEP

384:dZkUS1HTqgoVwkakzygRaOxDVoOdw4VqxFUC+XobLz7Dsd4aEye+xmzE:HkUS1GJ3Ppb1HTqfUC+XYMyfyv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2808	332	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 2808	332	1639e4cf613345b4d42c0bdffbcc3c9e_JaffaCakes118.exe	28
PID 332 wrote to memory of 2808	332	1639e4cf613345b4d42c0bdffbcc3c9e_JaffaCakes118.exe	28
PID 332 wrote to memory of 2808	332	1639e4cf613345b4d42c0bdffbcc3c9e_JaffaCakes118.exe	28
PID 332 wrote to memory of 2808	332	1639e4cf613345b4d42c0bdffbcc3c9e_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1639e4cf613345b4d42c0bdffbcc3c9e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1639e4cf613345b4d42c0bdffbcc3c9e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 88
  2⤵
  - Program crash
  PID:2808

memory/332-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download