b8ec9b50f1c9e7c3287a166f631cf62d421e424823f284dd11e2c60eda0a867c

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 01:31

Target

3734f2b0fd4584a15739327f43f971cf_JaffaCakes118.exe
Size

469KB
MD5

3734f2b0fd4584a15739327f43f971cf
SHA1

005dae8a6d57d6544bdd670008ac48de54aa0b07
SHA256

b8ec9b50f1c9e7c3287a166f631cf62d421e424823f284dd11e2c60eda0a867c
SHA512

b3b3d98582bb6ea2e8c7a7a3174d0b8a468a365f5d5f61e38eb474211e933e5ce408380d59470715c08d4d5c1529fca09a6631026fc44ef4fd029605f7976c86
SSDEEP

12288:qQxtyhk8gcrIbWBSUDJFsghQIkvU5CTaNa0:/Hv8g2eUDnDQV/m

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1796	1668	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1796	1668	3734f2b0fd4584a15739327f43f971cf_JaffaCakes118.exe	30
PID 1668 wrote to memory of 1796	1668	3734f2b0fd4584a15739327f43f971cf_JaffaCakes118.exe	30
PID 1668 wrote to memory of 1796	1668	3734f2b0fd4584a15739327f43f971cf_JaffaCakes118.exe	30
PID 1668 wrote to memory of 1796	1668	3734f2b0fd4584a15739327f43f971cf_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3734f2b0fd4584a15739327f43f971cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3734f2b0fd4584a15739327f43f971cf_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
  2⤵
  - Program crash
  PID:1796

memory/1668-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1668-1-0x0000000004000000-0x000000000407C000-memory.dmp

Filesize
496KB

Download
memory/1668-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download