f02b47ee82c39083af142ee6b1260b8bc64eb1e75de4a73c6193c7e1280db1a9

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 19:58

Target

17544aff565b5e7dc305c3672eb0faca_JaffaCakes118.exe
Size

34KB
MD5

17544aff565b5e7dc305c3672eb0faca
SHA1

408fbcc0db07d021b7d6677b16136335a3bac11d
SHA256

f02b47ee82c39083af142ee6b1260b8bc64eb1e75de4a73c6193c7e1280db1a9
SHA512

92d54ee252c90010a5255bb322ad3bb3ff1fb7dc10f53d6348609a63a617cba1e10ae71aa52f3d5aa367a372937ffea167c86487abf95a9be20eb3a8f3b78cb3
SSDEEP

768:QBfFa5NEBIA9cOkzOntQIEhABZsBZQAOJYae:8Fa5WBIAXkzOteIYp

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2976	file1.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1804	2976	WerFault.exe	28

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2976	2460	17544aff565b5e7dc305c3672eb0faca_JaffaCakes118.exe	28
PID 2460 wrote to memory of 2976	2460	17544aff565b5e7dc305c3672eb0faca_JaffaCakes118.exe	28
PID 2460 wrote to memory of 2976	2460	17544aff565b5e7dc305c3672eb0faca_JaffaCakes118.exe	28
PID 2460 wrote to memory of 2976	2460	17544aff565b5e7dc305c3672eb0faca_JaffaCakes118.exe	28
PID 2976 wrote to memory of 1804	2976	file1.exe	29
PID 2976 wrote to memory of 1804	2976	file1.exe	29
PID 2976 wrote to memory of 1804	2976	file1.exe	29
PID 2976 wrote to memory of 1804	2976	file1.exe	29

C:\Users\Admin\AppData\Local\Temp\17544aff565b5e7dc305c3672eb0faca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\17544aff565b5e7dc305c3672eb0faca_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\file1.exe
  C:\file1.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 36
    3⤵
    - Program crash
    PID:1804

C:\file1.exe

Filesize
12KB

MD5
a6a0eb0f6e0b76aab5da26154056eb53

SHA1
36634af2d7423232a412f76bcc7dab64a87601c4

SHA256
1a7c55b20650f8a6e8c4e1d5e4a418f6ada18f872d3faad038842cdaaa446477

SHA512
342eadcc09c4a8639e9653ea28b1700e35e30acc9847ef26cf1ce8ca942850817b63493390a10abcf731d1a40199aa03400b5ec665a7ae7af908c40b9403f842

Download Submit
memory/2460-7-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download