Analysis
-
max time kernel
14s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
12-07-2024 17:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe
-
Size
3KB
-
MD5
3e330ccfd822e9ff90b43e989621fdde
-
SHA1
489461394d9fdcde597212fbe8020e63346251ed
-
SHA256
e037f1be5337228adf612ab9a8783bebf0d23d285afa239738b96703ec8d3778
-
SHA512
42250c97963e63aee2811ea9dac85cb716fd3d6f348a850d8a4d19d3daa7780fb1ae75d560fc6c002a355dffabf34e78f3846a5f2704cc42029f7d14582bf480
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2472 2444 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2444 wrote to memory of 2472 2444 3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe 28 PID 2444 wrote to memory of 2472 2444 3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe 28 PID 2444 wrote to memory of 2472 2444 3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe 28 PID 2444 wrote to memory of 2472 2444 3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3e330ccfd822e9ff90b43e989621fdde_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2444 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 362⤵
- Program crash
PID:2472
-