180ef83ad30d5d1c48021a03179e61b614d98feac696b24fcdb9962184e14d16

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 12:40

Target

1a2735359c2ae4dfd7b0fc38eb9dae56_JaffaCakes118.exe
Size

5KB
MD5

1a2735359c2ae4dfd7b0fc38eb9dae56
SHA1

796f58e9a991ca92aca49a55c1ec779392c7fc43
SHA256

180ef83ad30d5d1c48021a03179e61b614d98feac696b24fcdb9962184e14d16
SHA512

11cc61c4388303b3acc5417c9dc971cd4832a2f6deef4c17171d2d8dadf0207c10ccb73978d4c2534250f4b4a9ebe9bf9b272e2915f9759a74a79b24c6b8b111
SSDEEP

96:nPH1NPiP0s+u4GbCu1QvKJgCHRqQsx4FZePhj:nP1ZiPuGOu17nsuzeJj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2828	2340	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2828	2340	1a2735359c2ae4dfd7b0fc38eb9dae56_JaffaCakes118.exe	28
PID 2340 wrote to memory of 2828	2340	1a2735359c2ae4dfd7b0fc38eb9dae56_JaffaCakes118.exe	28
PID 2340 wrote to memory of 2828	2340	1a2735359c2ae4dfd7b0fc38eb9dae56_JaffaCakes118.exe	28
PID 2340 wrote to memory of 2828	2340	1a2735359c2ae4dfd7b0fc38eb9dae56_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1a2735359c2ae4dfd7b0fc38eb9dae56_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1a2735359c2ae4dfd7b0fc38eb9dae56_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 36
  2⤵
  - Program crash
  PID:2828

memory/2340-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2340-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2340-2-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2340-3-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download