9cee30400d39f3970f4a24205003697660a9a29404aeb4f607477296039296c1

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 19:58

Target

2da15fd13a48b6108d7f3b293028358c_JaffaCakes118.exe
Size

100KB
MD5

2da15fd13a48b6108d7f3b293028358c
SHA1

74840046f92a38205ae255fed44b335805a2f454
SHA256

9cee30400d39f3970f4a24205003697660a9a29404aeb4f607477296039296c1
SHA512

f01e88517a844ff96493179fdf7cb23fb0ed20ea36726977bcce6a8def900990fb5c2b78208395a7423a06f22478cb307155bf518b71ae726dfe35a31afa08e5
SSDEEP

768:+IflTDncWAcdqP8+Lcn0E/AqJlu4Gr4TRoZq0f9xd3iqGXH5iBFoG/:PT77/ScO4RTR8Lf9b3iqGpA+G

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2396	2900	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2396	2900	2da15fd13a48b6108d7f3b293028358c_JaffaCakes118.exe	30
PID 2900 wrote to memory of 2396	2900	2da15fd13a48b6108d7f3b293028358c_JaffaCakes118.exe	30
PID 2900 wrote to memory of 2396	2900	2da15fd13a48b6108d7f3b293028358c_JaffaCakes118.exe	30
PID 2900 wrote to memory of 2396	2900	2da15fd13a48b6108d7f3b293028358c_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\2da15fd13a48b6108d7f3b293028358c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2da15fd13a48b6108d7f3b293028358c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 36
  2⤵
  - Program crash
  PID:2396

memory/2900-0-0x0000000000400000-0x0000000000419200-memory.dmp

Filesize
100KB

Download