b08af00cd09f0e6e80fdfdb7d9b7c1a8726c4c8d0d5a4b040f0e6d965f28f501

Analysis

max time kernel
135s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:08

Target

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
Size

32KB
MD5

366338f7a4e55a5f7a9f43f7a1d10014
SHA1

d801577b2f3455656be0443a45b90b70df003b3a
SHA256

b08af00cd09f0e6e80fdfdb7d9b7c1a8726c4c8d0d5a4b040f0e6d965f28f501
SHA512

c84b9267c6cbf2b5b37ba74abdc3ca43f83c954caf3b950df1e653f5c4631053e2664449c7dc4f16f2ccdcf44bde2b636be4de596eae5b766a899aa5156e1079
SSDEEP

384:/T1dDqmPyNDmngLRkMe9Uu7VxWiIY58o/ZbGcGF3vw:/JdeT9m7B9pHWpi/Zk3vw

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

rst.exe

pid process

4564 rst.exe
Drops file in System32 directory 1 IoCs

Processes:

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

description ioc process

File opened for modification C:\Windows\SysWOW64\rst.exe 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1428 4564 WerFault.exe rst.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

pid process

4640 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

pid	process
4564	rst.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\rst.exe	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

pid	pid_target	process	target process
1428	4564	WerFault.exe	rst.exe

pid	process
4640	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe

description	pid	process	target process
PID 4640 wrote to memory of 4564	4640	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe	rst.exe
PID 4640 wrote to memory of 4564	4640	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe	rst.exe
PID 4640 wrote to memory of 4564	4640	366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe	rst.exe

C:\Windows\SysWOW64\rst.exe
C:\Windows\system32\rst.exe
2⤵
- Executes dropped EXE
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 492
3⤵
- Program crash
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4564 -ip 4564
1⤵
PID:1012

C:\Windows\SysWOW64\rst.exe

Filesize
8KB

MD5
ca04309dd09085180523e7642aaa10be

SHA1
a0bcf62d27cc74b4c4cb48fe9cb2d5a661b7c0cf

SHA256
0373ef0fd6c3b0eeee386f67496c0ffc4973a43c8082859069d2cfefc6023c83

SHA512
c012cf2731418e8f174c1971e2b2e146db785161a8ce586bed94655b88b1b0267a30133ffed17a05f1ec6d8e41a63ffe1694fadf08a84ceaf29fc86969a81bcb

Download Submit
memory/4564-6-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download