0902e215503292fafeaac7d0fed97f932d86eb287062b69a7f78c66cfa8600b2 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 11:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a077e27b10a3cd1badf5305ab5f07bb_JaffaCakes118.exe
Size

6KB
MD5

1a077e27b10a3cd1badf5305ab5f07bb
SHA1

1934762eb0486404edd07da9ac54be2bb77eb6a2
SHA256

0902e215503292fafeaac7d0fed97f932d86eb287062b69a7f78c66cfa8600b2
SHA512

69b2bac77d0f1b0be83870d2992a07e0bfadec539051f27421a4230b5e4ec9bbe748e55084fa1437fbef300d89e549f2f94fd9396071c425bc181c8831a9410f
SSDEEP

192:eCkVzUNte6ytXDRubkcYrUm6qn3jK6uDf:ePSLytNuNwDt36r

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1104	1724	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1104	1724	1a077e27b10a3cd1badf5305ab5f07bb_JaffaCakes118.exe	28
PID 1724 wrote to memory of 1104	1724	1a077e27b10a3cd1badf5305ab5f07bb_JaffaCakes118.exe	28
PID 1724 wrote to memory of 1104	1724	1a077e27b10a3cd1badf5305ab5f07bb_JaffaCakes118.exe	28
PID 1724 wrote to memory of 1104	1724	1a077e27b10a3cd1badf5305ab5f07bb_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1a077e27b10a3cd1badf5305ab5f07bb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1a077e27b10a3cd1badf5305ab5f07bb_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 36
  2⤵
  - Program crash
  PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads