c3bfd1c842557287fb27477d91791eaa05c076375d2e643b00bf7e4bbc239992

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 21:06

Target

3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
Size

204KB
MD5

3661a270ade2a98afffd59260c50191d
SHA1

4e192bfd9c9addf23954025a3cf2484b129d394f
SHA256

c3bfd1c842557287fb27477d91791eaa05c076375d2e643b00bf7e4bbc239992
SHA512

977ac161804bf230ea617f21b4326efd79b2554427534e8a2f3d40db3faf073e5f2b249180b167eea25ddcb7a50f45b5e2fdc4bb3f4d9dc0176266bc359c33ef
SSDEEP

3072:LbqM6WKjyv2vQalYJt2DvlBkPc/bUMJYY9mo9yNd3mlFg1zDla7:LGxWKGFBiD9PzJYO9cL1HI7

Score

5^/10

Drops file in System32 directory 1 IoCs

Processes:

3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe

description ioc process

File created C:\Windows\SysWOW64\5372-119-4 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3052 668 WerFault.exe 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\5372-119-4	3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe

pid	pid_target	process	target process
3052	668	WerFault.exe	3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe

description	pid	process	target process
PID 668 wrote to memory of 3052	668	3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe	WerFault.exe
PID 668 wrote to memory of 3052	668	3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe	WerFault.exe
PID 668 wrote to memory of 3052	668	3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe	WerFault.exe
PID 668 wrote to memory of 3052	668	3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 100
2⤵
- Program crash
PID:3052