8536d028b5099a05874097214d1cc394399ae1549793e452d7cd40be32644cc0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 20:08

Target

175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe
Size

11KB
MD5

175b896f15dbd8a76f746cb9743d17fd
SHA1

491d5af7eda96e51fbb81f7b701bf0c165c32184
SHA256

8536d028b5099a05874097214d1cc394399ae1549793e452d7cd40be32644cc0
SHA512

4099cbe02927f0fd25705adbb2b2f01fd35081ea520070f3b8c41877bcd2c37874329f3ff375fa1626d727283b943fec79d144152d0c6d2f9661cd587663a971
SSDEEP

192:NijFTcoDT92aYoezoHAsolhldJ0E9vSJJ8B14lBEHVStR4oViBur+Po48bSHP1on:Qj9zDT4rzoHAsolhldJ0E9vSJJZpTr+K

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\12121212.ini	175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2384	1876	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2384	1876	175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe	28
PID 1876 wrote to memory of 2384	1876	175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe	28
PID 1876 wrote to memory of 2384	1876	175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe	28
PID 1876 wrote to memory of 2384	1876	175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\175b896f15dbd8a76f746cb9743d17fd_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 208
  2⤵
  - Program crash
  PID:2384