daa914ddca0bd6318415e75c9d76494ddd17cd94533d36067a7ffb208c19612d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 17:43

Target

290bcd28af7d1bebcb789cfaf8f0c889_JaffaCakes118.exe
Size

9KB
MD5

290bcd28af7d1bebcb789cfaf8f0c889
SHA1

675001053a4bbb84259d4d0a0146134f79c3fb74
SHA256

daa914ddca0bd6318415e75c9d76494ddd17cd94533d36067a7ffb208c19612d
SHA512

ca5a80f64b1a3dcd2bd48f5d9b1fd45bb2d4777b5c9b767248445d288497995ac609b30ef76db53976152df02e4a28d5845c362594c45b3627b1ea7483b3a099
SSDEEP

192:8fQxXaau4CZG85EkqNgJOphz/uZ+oEZ8x9j9NRNDrs12WpuOpW9SzFgk305RTi:8fQxXa/4AJ9Yvd4B/owWb6pi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2852	2692	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2852	2692	290bcd28af7d1bebcb789cfaf8f0c889_JaffaCakes118.exe	30
PID 2692 wrote to memory of 2852	2692	290bcd28af7d1bebcb789cfaf8f0c889_JaffaCakes118.exe	30
PID 2692 wrote to memory of 2852	2692	290bcd28af7d1bebcb789cfaf8f0c889_JaffaCakes118.exe	30
PID 2692 wrote to memory of 2852	2692	290bcd28af7d1bebcb789cfaf8f0c889_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\290bcd28af7d1bebcb789cfaf8f0c889_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\290bcd28af7d1bebcb789cfaf8f0c889_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 88
  2⤵
  - Program crash
  PID:2852