Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
submitted: 10-07-2024 21:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
Size: 204KB
MD5: 3661a270ade2a98afffd59260c50191d
SHA1: 4e192bfd9c9addf23954025a3cf2484b129d394f
SHA256: c3bfd1c842557287fb27477d91791eaa05c076375d2e643b00bf7e4bbc239992
SHA512: 977ac161804bf230ea617f21b4326efd79b2554427534e8a2f3d40db3faf073e5f2b249180b167eea25ddcb7a50f45b5e2fdc4bb3f4d9dc0176266bc359c33ef
SSDEEP: 3072:LbqM6WKjyv2vQalYJt2DvlBkPc/bUMJYY9mo9yNd3mlFg1zDla7:LGxWKGFBiD9PzJYO9cL1HI7
Score
5/10
Malware Config
Signatures
Drops file in System32 directory (1 IoCs)
Processes: 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
description | ioc | process
File created | C:\Windows\SysWOW64\5372-119-4 | 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe

Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
3052 | 668 | WerFault.exe | 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
description | pid | process | target process
PID 668 wrote to memory of 3052 | 668 | 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe | WerFault.exe
PID 668 wrote to memory of 3052 | 668 | 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe | WerFault.exe
PID 668 wrote to memory of 3052 | 668 | 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe | WerFault.exe
PID 668 wrote to memory of 3052 | 668 | 3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3661a270ade2a98afffd59260c50191d_JaffaCakes118.exe"
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:668
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 100
  - Program crash
  PID:3052