b3ee311dbd407fed66278ee22e705ce960946ead8beee2390440d1d19e24738e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 10:13

Target

455f9e5b5b896f0880737ae9563f1a43_JaffaCakes118.exe
Size

452KB
MD5

455f9e5b5b896f0880737ae9563f1a43
SHA1

8a43fd1687d4fbed0a143247e54103e6729dcd63
SHA256

b3ee311dbd407fed66278ee22e705ce960946ead8beee2390440d1d19e24738e
SHA512

f28d4137a6b7c5908eb50f3de3743b932054309a9a279798668cd789ed021389f9d561e3ba4cfa00712402897fc33df4234ed7c955f80aa60b65aa055900345f
SSDEEP

6144:iGWK9s2n1sDEFSUknwoD6AaeICSj7kEoed0PFn0wccccccccAqX8FJLzslGg:i9ysVnKt7oUNhz9g

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2708	2104	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2708	2104	455f9e5b5b896f0880737ae9563f1a43_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2708	2104	455f9e5b5b896f0880737ae9563f1a43_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2708	2104	455f9e5b5b896f0880737ae9563f1a43_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2708	2104	455f9e5b5b896f0880737ae9563f1a43_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\455f9e5b5b896f0880737ae9563f1a43_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\455f9e5b5b896f0880737ae9563f1a43_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 164
  2⤵
  - Program crash
  PID:2708

memory/2104-0-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download