04022b3e3ff5ebbd5664134e2b9c8c89f0ecbfbd466110421bcd930abb43776b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 22:36

Target

4713b1545a1d26462397251f58cdf398_JaffaCakes118.exe
Size

293KB
MD5

4713b1545a1d26462397251f58cdf398
SHA1

693bc85e53ee29785074a32e6a6a3af1c5037882
SHA256

04022b3e3ff5ebbd5664134e2b9c8c89f0ecbfbd466110421bcd930abb43776b
SHA512

8739d2f8aa911a0208a687ea1a570706ebf015ff445e7300518b0014f797ad7ecc8e7eb63bab1742e8c456a121c3eeb04655a0bf10deb4ab2c0d73c426e57b68
SSDEEP

6144:XPdM7MANEVzGlcEDUl4qaRYVQiJTGbusJRhgnGXcND7Xm2BeddhMHSEVoH:SNEh8cSLqd9sisDhgnGKBBedDMyEVy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2304	3064	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2304	3064	4713b1545a1d26462397251f58cdf398_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2304	3064	4713b1545a1d26462397251f58cdf398_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2304	3064	4713b1545a1d26462397251f58cdf398_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2304	3064	4713b1545a1d26462397251f58cdf398_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\4713b1545a1d26462397251f58cdf398_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4713b1545a1d26462397251f58cdf398_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 140
  2⤵
  - Program crash
  PID:2304

memory/3064-1-0x0000000001C40000-0x0000000001C8B000-memory.dmp

Filesize
300KB

Download
memory/3064-0-0x0000000001BF0000-0x0000000001C31000-memory.dmp

Filesize
260KB

Download