eabb762e007aa44cd3f4f76db6ceea8ab42ceee86d5060f241ff7da1ebed737e

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 13:17

Target

1a43e8a3a524bf1ac20c0f6be43782ea_JaffaCakes118.exe
Size

8KB
MD5

1a43e8a3a524bf1ac20c0f6be43782ea
SHA1

ed022159e9a6fe8338882ffc6b2ecc7c7a2ea637
SHA256

eabb762e007aa44cd3f4f76db6ceea8ab42ceee86d5060f241ff7da1ebed737e
SHA512

beccb8c7ea0064cadc64ce0161b5168165e50c46d2fae6fb86d2835c5c163f9bed90f8fbacdb39a786e132c3d811f93558d130f19c844ab0e9dbbafbac9555aa
SSDEEP

192:vY1YeOHSdt7q68zlXk5nIQ/oE0H6f/RoB0JnSjr4t0ev1:vY1TOHSdt7qDZXcIQ//0afyB0JDv1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2180	1116	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 2180	1116	1a43e8a3a524bf1ac20c0f6be43782ea_JaffaCakes118.exe	28
PID 1116 wrote to memory of 2180	1116	1a43e8a3a524bf1ac20c0f6be43782ea_JaffaCakes118.exe	28
PID 1116 wrote to memory of 2180	1116	1a43e8a3a524bf1ac20c0f6be43782ea_JaffaCakes118.exe	28
PID 1116 wrote to memory of 2180	1116	1a43e8a3a524bf1ac20c0f6be43782ea_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1a43e8a3a524bf1ac20c0f6be43782ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1a43e8a3a524bf1ac20c0f6be43782ea_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 120
  2⤵
  - Program crash
  PID:2180

memory/1116-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download