f050d25825a60d27ae0e61e17d70af554b6c9996d44be73e7ec88ebc5878a322

Analysis

max time kernel
140s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 12:28

Target

34b7badd46242a90b9bf692b8592f0b6_JaffaCakes118.exe
Size

638KB
MD5

34b7badd46242a90b9bf692b8592f0b6
SHA1

49ab572ec0cb772bfeed5178941d5072ed9690a3
SHA256

f050d25825a60d27ae0e61e17d70af554b6c9996d44be73e7ec88ebc5878a322
SHA512

b45db81414cb662e517473d7fb9bd44905063c0ebe47f2324827c7c2e9172434fa790eb1b77928bedaa62739c95550354f3711f94f2487536f290759e163ebcb
SSDEEP

12288:xVa8MMQ9cXwUOXZ4vVhJUDp9tAr9TCruboy4nD4iu3U1OeeDwTgEF2zf+ZYcAl0s:xVa809cABXCvVvM9tOBChygolkMSpZdW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1496	2448	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 1496	2448	34b7badd46242a90b9bf692b8592f0b6_JaffaCakes118.exe	30
PID 2448 wrote to memory of 1496	2448	34b7badd46242a90b9bf692b8592f0b6_JaffaCakes118.exe	30
PID 2448 wrote to memory of 1496	2448	34b7badd46242a90b9bf692b8592f0b6_JaffaCakes118.exe	30
PID 2448 wrote to memory of 1496	2448	34b7badd46242a90b9bf692b8592f0b6_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\34b7badd46242a90b9bf692b8592f0b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34b7badd46242a90b9bf692b8592f0b6_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 52
  2⤵
  - Program crash
  PID:1496

memory/2448-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2448-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2448-2-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download