7737abf0b987e140ec2f429ceefdd2a2bb0c57eed77aefec2ba6768a21d86078

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 15:50

Target

28b84d2e2bdb2e3410b3491ad41f71a4_JaffaCakes118.exe
Size

14KB
MD5

28b84d2e2bdb2e3410b3491ad41f71a4
SHA1

128d1348e4f0b9c461e7ae98081c26e3ecebb151
SHA256

7737abf0b987e140ec2f429ceefdd2a2bb0c57eed77aefec2ba6768a21d86078
SHA512

9666e24ae1b4b505172ebf1e9089bfe6c45bb048aff1e186723e790cce5319080b020d224fe517ea1b4144eacb094decaac5f8ad8653921a6cd24f442c0e3878
SSDEEP

384:cDiRrTp13SkhnRCwOV5JpeLCdw9rDpBWCl8CbW:zT/3Ska6LhpEC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1636	1592	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 1636	1592	28b84d2e2bdb2e3410b3491ad41f71a4_JaffaCakes118.exe	29
PID 1592 wrote to memory of 1636	1592	28b84d2e2bdb2e3410b3491ad41f71a4_JaffaCakes118.exe	29
PID 1592 wrote to memory of 1636	1592	28b84d2e2bdb2e3410b3491ad41f71a4_JaffaCakes118.exe	29
PID 1592 wrote to memory of 1636	1592	28b84d2e2bdb2e3410b3491ad41f71a4_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\28b84d2e2bdb2e3410b3491ad41f71a4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\28b84d2e2bdb2e3410b3491ad41f71a4_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 64
  2⤵
  - Program crash
  PID:1636