a50b9ebe662ee383fc9f0671b923f9b6d7c339071446d43f8d6b6e9b8c352b64

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 12:06

Target

45be459565398fb069e962b9b91445d6_JaffaCakes118.exe
Size

348KB
MD5

45be459565398fb069e962b9b91445d6
SHA1

b1cc60b426fd2391ab54fa7f87542a1949c3abb6
SHA256

a50b9ebe662ee383fc9f0671b923f9b6d7c339071446d43f8d6b6e9b8c352b64
SHA512

bac6a9942dc2e1825a5c496f69cc312e565fb693f0bad236145d25c3caf9192459ca6f8444683c66f87d524afa49074c32137be030c7ae45e3007ab9e5060027
SSDEEP

6144:FrDk2rxzx+uJB/7QDa0+z1AvMP+y1BSm91VNLq9IoNJmqn:BRxN+6B/7QG0+zSvMP+Ev91nLqCoNJPn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2756	2888	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2756	2888	45be459565398fb069e962b9b91445d6_JaffaCakes118.exe	30
PID 2888 wrote to memory of 2756	2888	45be459565398fb069e962b9b91445d6_JaffaCakes118.exe	30
PID 2888 wrote to memory of 2756	2888	45be459565398fb069e962b9b91445d6_JaffaCakes118.exe	30
PID 2888 wrote to memory of 2756	2888	45be459565398fb069e962b9b91445d6_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\45be459565398fb069e962b9b91445d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45be459565398fb069e962b9b91445d6_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 176
  2⤵
  - Program crash
  PID:2756