edb5cea85c1e3d3e8a5582442cc88763a0a47780d0f2ea63ae755dec5c381aaf

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b57fb54d38259f73eca35e9767177ea_JaffaCakes118.exe
Size

1.4MB
MD5

1b57fb54d38259f73eca35e9767177ea
SHA1

0ff8ce7b26da2f35b996343c81602a61565e4af5
SHA256

edb5cea85c1e3d3e8a5582442cc88763a0a47780d0f2ea63ae755dec5c381aaf
SHA512

9dee45d4d7424e6fc8ab7de238293fa794422b915149d73fce6a56fcbc3b66c4ea5dd1acc9a855a515abbc11fe92d7d39415915c1fc65c776bdfb4ff5cc5fd38
SSDEEP

24576:W2FZHhllZvSwkZd/yivWiv8xpIAo3syu3uslVsb1+qleW3tlxs:WCZHh9vZfivWi6jo3s33uslK+qldrs

Score

3^/10

Malware Config

Signatures

Program crash 16 IoCs

pid	pid_target	Process	procid_target
4384	4468	WerFault.exe	81
2760	4468	WerFault.exe	81
4296	4468	WerFault.exe	81
4428	4468	WerFault.exe	81
1868	4468	WerFault.exe	81
4352	4468	WerFault.exe	81
2708	4468	WerFault.exe	81
3500	4468	WerFault.exe	81
632	4468	WerFault.exe	81
5020	4468	WerFault.exe	81
456	4468	WerFault.exe	81
4952	4468	WerFault.exe	81
4308	4468	WerFault.exe	81
2464	4468	WerFault.exe	81
5032	4468	WerFault.exe	81
1348	4468	WerFault.exe	81

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4468	1b57fb54d38259f73eca35e9767177ea_JaffaCakes118.exe
4468	1b57fb54d38259f73eca35e9767177ea_JaffaCakes118.exe
4468	1b57fb54d38259f73eca35e9767177ea_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1b57fb54d38259f73eca35e9767177ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1b57fb54d38259f73eca35e9767177ea_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 680
  2⤵
  - Program crash
  PID:4384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 628
  2⤵
  - Program crash
  PID:2760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 656
  2⤵
  - Program crash
  PID:4296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 924
  2⤵
  - Program crash
  PID:4428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 944
  2⤵
  - Program crash
  PID:1868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 944
  2⤵
  - Program crash
  PID:4352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1284
  2⤵
  - Program crash
  PID:2708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1632
  2⤵
  - Program crash
  PID:3500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1640
  2⤵
  - Program crash
  PID:632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1668
  2⤵
  - Program crash
  PID:5020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1740
  2⤵
  - Program crash
  PID:456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1740
  2⤵
  - Program crash
  PID:4952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1644
  2⤵
  - Program crash
  PID:4308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1852
  2⤵
  - Program crash
  PID:2464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1844
  2⤵
  - Program crash
  PID:5032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 928
  2⤵
  - Program crash
  PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4468 -ip 4468
1⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4468 -ip 4468
1⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4468 -ip 4468
1⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4468 -ip 4468
1⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4468 -ip 4468
1⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4468 -ip 4468
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4468 -ip 4468
1⤵
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 124 -p 4468 -ip 4468
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4468 -ip 4468
1⤵
PID:828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4468 -ip 4468
1⤵
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 124 -p 4468 -ip 4468
1⤵
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4468 -ip 4468
1⤵
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4468 -ip 4468
1⤵
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4468 -ip 4468
1⤵
PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4468 -ip 4468
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4468 -ip 4468
1⤵
PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4468-0-0x0000000000400000-0x000000000055B000-memory.dmp

Filesize
1.4MB

Download
memory/4468-7-0x0000000000400000-0x000000000055B000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads