45ddc9620a34f3595cc161c10cd1a549b5e0beeeade72ee4c0efae35dd55c4e0

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 09:51

Target

3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe
Size

254KB
MD5

3ce3d4e41612b7963baa471da5047355
SHA1

7ebd00735d63adbc6ff899d6f2fb2ebac29145a8
SHA256

45ddc9620a34f3595cc161c10cd1a549b5e0beeeade72ee4c0efae35dd55c4e0
SHA512

ec82d1a883ecc1bb136f4785b8122b10f221d996cad193c0950800fd59dbc825350a68babb13bb19ef7c4b062123b94dc60e60d3bb7e8335f739fa82c1516d83
SSDEEP

3072:drFtD5vc5Bn95MaJg1bozlOsVjzfplUB6qOMSB6B4XTcKKXGYG6M:dF55v2n97YbozUsVXUnON2ETqWYG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2432	1236	WerFault.exe	30

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2432	1236	3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe	31
PID 1236 wrote to memory of 2432	1236	3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe	31
PID 1236 wrote to memory of 2432	1236	3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe	31
PID 1236 wrote to memory of 2432	1236	3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe	31
PID 1236 wrote to memory of 2432	1236	3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe	31
PID 1236 wrote to memory of 2432	1236	3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe	31
PID 1236 wrote to memory of 2432	1236	3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ce3d4e41612b7963baa471da5047355_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 356
  2⤵
  - Program crash
  PID:2432

memory/1236-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download