505854bdf78e01d0770dfe7df298d9544c2c6777208ed5fdee64025b4371516d

Analysis

max time kernel
140s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 02:28

Target

3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe
Size

17KB
MD5

3fd4e785168b88467ae7b9a827014cc0
SHA1

49c21232049d4d3196b0c081c3be2d2044bab1c7
SHA256

505854bdf78e01d0770dfe7df298d9544c2c6777208ed5fdee64025b4371516d
SHA512

8e3f21ca1e29686f6c7d64c905f0ef4571964a5b82b5776a40747815dde9d546c63f28774cd9dd520cbfb11f9a6bd2e5139b02242654f2105b0e25ab5673b327
SSDEEP

384:cBrXX0D2MZtDFCHv8hX3wNqJlruDzD0cPy5iYxA2L0U:WItDFkv+XfJl6DMc3YdX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2912	1732	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2912	1732	3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe	30
PID 1732 wrote to memory of 2912	1732	3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe	30
PID 1732 wrote to memory of 2912	1732	3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe	30
PID 1732 wrote to memory of 2912	1732	3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 36
  2⤵
  - Program crash
  PID:2912

memory/1732-3-0x000000000F621000-0x000000000F62B000-memory.dmp

Filesize
40KB

Download
memory/1732-2-0x000000000F620000-0x000000000F62F000-memory.dmp

Filesize
60KB

Download
memory/1732-1-0x000000000F620000-0x000000000F62F000-memory.dmp

Filesize
60KB

Download
memory/1732-0-0x000000000F620000-0x000000000F62F000-memory.dmp

Filesize
60KB

Download