546437fe44c250b5965dcb2aeeed8b20d7a4d2f4234ae4f4984f4642647c4c47

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 23:59

Target

26b903f5695fab3174eeef86347c3474_JaffaCakes118.exe
Size

25KB
MD5

26b903f5695fab3174eeef86347c3474
SHA1

7f968086a1a9dfa72172ee0c8737f7a782c63a6c
SHA256

546437fe44c250b5965dcb2aeeed8b20d7a4d2f4234ae4f4984f4642647c4c47
SHA512

0866e6f186ee18313413a5e8994bdafb60f7bcea9d1eff56d62e65f823e42f5f022d42e1f7ef6eac74fd3ab0b66e53d5ec7a47a137deb8e95ff0cb20617a075e
SSDEEP

768:7nzn5B5eQbkRY23n0psxeobT8lsU2hK2n8BNiSmsibMBf:7nz5B57o223+GeobTOsU2hD8BvZTB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1916	1424	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1916	1424	26b903f5695fab3174eeef86347c3474_JaffaCakes118.exe	28
PID 1424 wrote to memory of 1916	1424	26b903f5695fab3174eeef86347c3474_JaffaCakes118.exe	28
PID 1424 wrote to memory of 1916	1424	26b903f5695fab3174eeef86347c3474_JaffaCakes118.exe	28
PID 1424 wrote to memory of 1916	1424	26b903f5695fab3174eeef86347c3474_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\26b903f5695fab3174eeef86347c3474_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\26b903f5695fab3174eeef86347c3474_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 36
  2⤵
  - Program crash
  PID:1916