787afd8fbdb150ed0ddd5fa5e60308bc55ac3ba52a7b9cd4ab6de29663a0140c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 05:16

Target

48601e229795d9c51ffd8ae0d5d7f473_JaffaCakes118.exe
Size

128KB
MD5

48601e229795d9c51ffd8ae0d5d7f473
SHA1

ca4f977584ca90460f7f7fe9f9e5060cc5e576a8
SHA256

787afd8fbdb150ed0ddd5fa5e60308bc55ac3ba52a7b9cd4ab6de29663a0140c
SHA512

583303bc3fbf80ea210443acd1373dfa7120b3a04402cf1e41091d9d9e33fe1545f0b890f0c0653672b0b8b7c590162efb46838e39a841040831919d0a86d564
SSDEEP

3072:SdZpwKzkwRNvSKeJ0OLczIOHDZz6bl1Eyrlccp7SlHT3ag7zkL:S9wMkKsJ0OnOdm8yxXVY3aekL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3020	2416	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3020	2416	48601e229795d9c51ffd8ae0d5d7f473_JaffaCakes118.exe	31
PID 2416 wrote to memory of 3020	2416	48601e229795d9c51ffd8ae0d5d7f473_JaffaCakes118.exe	31
PID 2416 wrote to memory of 3020	2416	48601e229795d9c51ffd8ae0d5d7f473_JaffaCakes118.exe	31
PID 2416 wrote to memory of 3020	2416	48601e229795d9c51ffd8ae0d5d7f473_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\48601e229795d9c51ffd8ae0d5d7f473_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\48601e229795d9c51ffd8ae0d5d7f473_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 36
  2⤵
  - Program crash
  PID:3020

memory/2416-0-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2416-1-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download