f7c138b3833a65ca8bd9ec9fcbcc9225d9a856d92fcfaa11734b0dd8c055a0a8

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 13:29

Target

2c88084869ff7797f17d119032f6ee2d_JaffaCakes118.exe
Size

920KB
MD5

2c88084869ff7797f17d119032f6ee2d
SHA1

405a583e71064da6dd632690b16ae2a73982c73d
SHA256

f7c138b3833a65ca8bd9ec9fcbcc9225d9a856d92fcfaa11734b0dd8c055a0a8
SHA512

d28789554d9d96b4e2ab86b056ccba4eb65bb196fa7cb239fb129fed2e731b5298e338b17dcbab295d2f4cb896e45b2696735e636268274874ceba2ea50c1e50
SSDEEP

24576:IdzMIuzvOz4DyoJziYQm7anqTlGgB2g8Dt/W9oQYWF+XL:IdVuzvOz6xJziin2VYpYyS

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1448-1-0x0000000000400000-0x00000000005BE000-memory.dmp	upx

Program crash 8 IoCs

pid	pid_target	Process	procid_target
4636	1448	WerFault.exe	81
2252	1448	WerFault.exe	81
4828	1448	WerFault.exe	81
2280	1448	WerFault.exe	81
1904	1448	WerFault.exe	81
1328	1448	WerFault.exe	81
1156	1448	WerFault.exe	81
3948	1448	WerFault.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1448	2c88084869ff7797f17d119032f6ee2d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2c88084869ff7797f17d119032f6ee2d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2c88084869ff7797f17d119032f6ee2d_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 844
  2⤵
  - Program crash
  PID:4636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 832
  2⤵
  - Program crash
  PID:2252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 864
  2⤵
  - Program crash
  PID:4828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 908
  2⤵
  - Program crash
  PID:2280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 1000
  2⤵
  - Program crash
  PID:1904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 1100
  2⤵
  - Program crash
  PID:1328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 152
  2⤵
  - Program crash
  PID:1156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 136
  2⤵
  - Program crash
  PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1448 -ip 1448
1⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1448 -ip 1448
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1448 -ip 1448
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1448 -ip 1448
1⤵
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1448 -ip 1448
1⤵
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1448 -ip 1448
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1448 -ip 1448
1⤵
PID:428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1448 -ip 1448
1⤵
PID:2180

memory/1448-0-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/1448-1-0x0000000000400000-0x00000000005BE000-memory.dmp

Filesize
1.7MB

Download