02070b64152c01a887418f6966f31c4876a3039b7ad6f9831cb6c36dbef989bc | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 18:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

25d3e8b91692d8683a2621f026946502_JaffaCakes118.exe
Size

37KB
MD5

25d3e8b91692d8683a2621f026946502
SHA1

627d6191da310544800cc6eef72d957eaa5b3b6a
SHA256

02070b64152c01a887418f6966f31c4876a3039b7ad6f9831cb6c36dbef989bc
SHA512

dd31df11ce54eddf91dc58ac231b6c8c4dddc855048a22f22eb5237202a442e75b8bc86bc22231007b581bd00727ca1ed22fe7214762719790a2ae31e4018eb3
SSDEEP

48:qQEtsURpFMZkWJ+L6AikHM3+X3j79Bq0F:ghpwZMjs3i3NQ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	1976	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2856	1976	25d3e8b91692d8683a2621f026946502_JaffaCakes118.exe	28
PID 1976 wrote to memory of 2856	1976	25d3e8b91692d8683a2621f026946502_JaffaCakes118.exe	28
PID 1976 wrote to memory of 2856	1976	25d3e8b91692d8683a2621f026946502_JaffaCakes118.exe	28
PID 1976 wrote to memory of 2856	1976	25d3e8b91692d8683a2621f026946502_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\25d3e8b91692d8683a2621f026946502_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25d3e8b91692d8683a2621f026946502_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 36
  2⤵
  - Program crash
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads