3661f894245adc8f28bffa2f7cbb3dbc8b74872e249e8398ee38376ed597b3db

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 10:40

Target

38c78e03977df261ae7d982e1ec985dc_JaffaCakes118.exe
Size

2.2MB
MD5

38c78e03977df261ae7d982e1ec985dc
SHA1

01f628eeced3f407157b51036dc4d7781ac43b41
SHA256

3661f894245adc8f28bffa2f7cbb3dbc8b74872e249e8398ee38376ed597b3db
SHA512

fa81bd85254580005a1d1a9dac42665220d56714cbe46b055760b60adfed3288a4b0e336e9b6ba2db3cf06c62b7b19dda22ea35cece7a8f104d0d9d974d61e8f
SSDEEP

49152:pwJLYmzNHHi7sSDJEuAc55I0L4lEe4W63bi3slvOBj:yYmBiVtEehUSbW63eBj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2980	1000	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 2980	1000	38c78e03977df261ae7d982e1ec985dc_JaffaCakes118.exe	31
PID 1000 wrote to memory of 2980	1000	38c78e03977df261ae7d982e1ec985dc_JaffaCakes118.exe	31
PID 1000 wrote to memory of 2980	1000	38c78e03977df261ae7d982e1ec985dc_JaffaCakes118.exe	31
PID 1000 wrote to memory of 2980	1000	38c78e03977df261ae7d982e1ec985dc_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\38c78e03977df261ae7d982e1ec985dc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\38c78e03977df261ae7d982e1ec985dc_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 116
  2⤵
  - Program crash
  PID:2980