7ad1db7f7c01e377d913bfc35da1261711dda5fed2ce98bebf4f0b3339d13678

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 09:22

Target

41183474b0523f53cf3a3af1e4833d69_JaffaCakes118.exe
Size

44KB
MD5

41183474b0523f53cf3a3af1e4833d69
SHA1

94e6fc55359991f49c63a4766271801887031523
SHA256

7ad1db7f7c01e377d913bfc35da1261711dda5fed2ce98bebf4f0b3339d13678
SHA512

147e0a87dd2ff3769630f8804de6384e0c909f679845753017ec9e1a9e2496996026cf3a01f975d810b7c31666fcc2784937228be72dbfb0cb9a24362cfb42e4
SSDEEP

768:jd1we/uuyLvYbPAyquazHlOKoSOdWv/QK/APitFoY2P2:/w7vY7AyvKH8KvujK6K42

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2692	2688	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2692	2688	41183474b0523f53cf3a3af1e4833d69_JaffaCakes118.exe	30
PID 2688 wrote to memory of 2692	2688	41183474b0523f53cf3a3af1e4833d69_JaffaCakes118.exe	30
PID 2688 wrote to memory of 2692	2688	41183474b0523f53cf3a3af1e4833d69_JaffaCakes118.exe	30
PID 2688 wrote to memory of 2692	2688	41183474b0523f53cf3a3af1e4833d69_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\41183474b0523f53cf3a3af1e4833d69_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41183474b0523f53cf3a3af1e4833d69_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 136
  2⤵
  - Program crash
  PID:2692