159ff0ab31ad8e9767fee6f9243979edc4c3128c23c051471fcb489225db3010

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 10:54

Target

29ee555d37bd6b2a84d83ef568f1e156_JaffaCakes118.exe
Size

53KB
MD5

29ee555d37bd6b2a84d83ef568f1e156
SHA1

1b289ecd7a4047a57d315a9145a10055d8724407
SHA256

159ff0ab31ad8e9767fee6f9243979edc4c3128c23c051471fcb489225db3010
SHA512

2a60674c0d4da896f4f444c64914ceff91828589fe029f7ea5d87d6855eaba04a65c9f815dbd913e39d6608f276b71a956dd1744c6fe186873e7fb853279576a
SSDEEP

1536:bvxsmLaMeyiJmvURXkCgeSLZkO8zCBk+ha6s:bvx7LcccRXkCgeS8zSpap

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2472	624	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2472	624	29ee555d37bd6b2a84d83ef568f1e156_JaffaCakes118.exe	30
PID 624 wrote to memory of 2472	624	29ee555d37bd6b2a84d83ef568f1e156_JaffaCakes118.exe	30
PID 624 wrote to memory of 2472	624	29ee555d37bd6b2a84d83ef568f1e156_JaffaCakes118.exe	30
PID 624 wrote to memory of 2472	624	29ee555d37bd6b2a84d83ef568f1e156_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\29ee555d37bd6b2a84d83ef568f1e156_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29ee555d37bd6b2a84d83ef568f1e156_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 116
  2⤵
  - Program crash
  PID:2472