4ca43c572a212d4fdaab353e8f75c1a1968535385532316e9e65d21c7258aac5

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 12:24

Target

41a5bc118d234e3b8896089f0002c5e1_JaffaCakes118.exe
Size

511KB
MD5

41a5bc118d234e3b8896089f0002c5e1
SHA1

b3606ec9537bca6241ae0e3ab73f8c841f5dfe39
SHA256

4ca43c572a212d4fdaab353e8f75c1a1968535385532316e9e65d21c7258aac5
SHA512

ecdd42184182e14b5aeec11d27b4c088ffe023baf5bd6571741468aae7d4e91013f98fe7f69c493f0ba0794c038004b0d273516e6801fc5fba43ea5768f59eba
SSDEEP

12288:dxJh2LQ9RlHFVzgHgJ366ZDqr+P1wmWocvc/e6cqnZ:Rh28rFVzgHgQ6ZDqr+PONN3HqZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3036	2412	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 3036	2412	41a5bc118d234e3b8896089f0002c5e1_JaffaCakes118.exe	30
PID 2412 wrote to memory of 3036	2412	41a5bc118d234e3b8896089f0002c5e1_JaffaCakes118.exe	30
PID 2412 wrote to memory of 3036	2412	41a5bc118d234e3b8896089f0002c5e1_JaffaCakes118.exe	30
PID 2412 wrote to memory of 3036	2412	41a5bc118d234e3b8896089f0002c5e1_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\41a5bc118d234e3b8896089f0002c5e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41a5bc118d234e3b8896089f0002c5e1_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 152
  2⤵
  - Program crash
  PID:3036

memory/2412-0-0x0000000000400000-0x00000000005A2000-memory.dmp

Filesize
1.6MB

Download
memory/2412-1-0x000000000052D000-0x000000000052E000-memory.dmp

Filesize
4KB

Download
memory/2412-2-0x0000000000400000-0x00000000005A2000-memory.dmp

Filesize
1.6MB

Download