0645a2077a2564f145d8af43bf915168489362d8e6b07e5aa0eb3b8e6a7bf176

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 05:07

Target

2b15244d439c254b58f2b525a4e8f725_JaffaCakes118.exe
Size

19KB
MD5

2b15244d439c254b58f2b525a4e8f725
SHA1

004fc87c82169f976a467cd475d5b0ab806ec642
SHA256

0645a2077a2564f145d8af43bf915168489362d8e6b07e5aa0eb3b8e6a7bf176
SHA512

6d6509f3125b1becc7c06b41a2fe7dfd5ea6cad111462192bdbdd464c5fbf5fbaffaff7a7853a5efed90d8bb5a7da08345a6e6593b407ba606361eecbf31f6a2
SSDEEP

384:Wez56KzPcU0rojjWYs3aHsgPrFMg0FLwRSRjb3q3kH:WA5ZEU0rojjWXaPvELwQNTR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2056	2368	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2056	2368	2b15244d439c254b58f2b525a4e8f725_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2056	2368	2b15244d439c254b58f2b525a4e8f725_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2056	2368	2b15244d439c254b58f2b525a4e8f725_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2056	2368	2b15244d439c254b58f2b525a4e8f725_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\2b15244d439c254b58f2b525a4e8f725_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2b15244d439c254b58f2b525a4e8f725_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 532
  2⤵
  - Program crash
  PID:2056

memory/2368-0-0x000000007484E000-0x000000007484F000-memory.dmp

Filesize
4KB

Download
memory/2368-1-0x0000000001010000-0x000000000101A000-memory.dmp

Filesize
40KB

Download
memory/2368-2-0x000000007484E000-0x000000007484F000-memory.dmp

Filesize
4KB

Download