b5da8cfc17112468d5349a3fc14a539fdc646da3d806c4bc2fe0ee05c0f937f2

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 03:05

Target

246a2674d33be17266d01db83a4554af_JaffaCakes118.exe
Size

395KB
MD5

246a2674d33be17266d01db83a4554af
SHA1

5d0e992f489b1b8bf80b7a1cae98bc5e4120366b
SHA256

b5da8cfc17112468d5349a3fc14a539fdc646da3d806c4bc2fe0ee05c0f937f2
SHA512

240d0741e3bdb73fb4e67b443f20f6a964677cf0a9629d500829e9c4b0880b3625a54a77a343c332f501ee921815e332205023dc2c71e1a87ea223902ca360d4
SSDEEP

6144:fDhb/ikTpn+b2lyoangWv9zEjEj2NfEvlMYtPFcrvo9vzHmkjWiHe25+fLCrLEDq:fBKkAbMmgQX2ElMgFcrv2zWNX2M7SM+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1568	1868	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1568	1868	246a2674d33be17266d01db83a4554af_JaffaCakes118.exe	28
PID 1868 wrote to memory of 1568	1868	246a2674d33be17266d01db83a4554af_JaffaCakes118.exe	28
PID 1868 wrote to memory of 1568	1868	246a2674d33be17266d01db83a4554af_JaffaCakes118.exe	28
PID 1868 wrote to memory of 1568	1868	246a2674d33be17266d01db83a4554af_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\246a2674d33be17266d01db83a4554af_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\246a2674d33be17266d01db83a4554af_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 116
  2⤵
  - Program crash
  PID:1568

memory/1868-0-0x0000000001000000-0x0000000001073000-memory.dmp

Filesize
460KB

Download