3fc81a0f105838a1e6a0e2a00a0b76b4c719bce272c2e52e6503ef8b4fdf0772

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 10:13

Target

19c0494c0c7cfc3cf908811dd00e05c3_JaffaCakes118.exe
Size

104KB
MD5

19c0494c0c7cfc3cf908811dd00e05c3
SHA1

3e98f1a14e48814714fd41fd82f13b4d402d7e7a
SHA256

3fc81a0f105838a1e6a0e2a00a0b76b4c719bce272c2e52e6503ef8b4fdf0772
SHA512

d623e7b9edc8580f364fc1489a80ca911c8f9fbb0509de9ad388b93ecdd3032e1d2b718f6da8020570cc03d4844a2285d88586594f1a24de0fd3ca35e03baa5c
SSDEEP

1536:pH3OKot2hiVmIV9Bc6JRp52r/hxLItF9wu/GmnvSwSY9KRGXqdC/4:Ut3zVbx5UlxL0F2ufai9PQC/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2188	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2188	2024	19c0494c0c7cfc3cf908811dd00e05c3_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2188	2024	19c0494c0c7cfc3cf908811dd00e05c3_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2188	2024	19c0494c0c7cfc3cf908811dd00e05c3_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2188	2024	19c0494c0c7cfc3cf908811dd00e05c3_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\19c0494c0c7cfc3cf908811dd00e05c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19c0494c0c7cfc3cf908811dd00e05c3_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 36
  2⤵
  - Program crash
  PID:2188

memory/2024-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download