c3e560ae5b815341deb695f0015c1f28d25ce9bad901b5ee536a2ee63deee9d3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18-07-2024 09:55

Target

56dd6318eb6969046fd319a2323646b6_JaffaCakes118.exe
Size

314KB
MD5

56dd6318eb6969046fd319a2323646b6
SHA1

be2d7f02cfa582fa14a85bf7c53d60d93dd982de
SHA256

c3e560ae5b815341deb695f0015c1f28d25ce9bad901b5ee536a2ee63deee9d3
SHA512

b07509b45e13e1f4a5311a67adbb347ec58d4c9f85c935724043f889a81a0a489ce57f9123281f0046a31ac3af4d17c896d64026505f4884123c16a28b1cab2b
SSDEEP

3072:ZJ6ExRaQ6raoCoCyz6/mqv1JR+yBtGOeaeWgiHqvUi/dCMMw2bWwfouoh0YTDy92:ZJvaO1tme++wiKvz/alTrg0YT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2384	1672	56dd6318eb6969046fd319a2323646b6_JaffaCakes118.exe	30
PID 1672 wrote to memory of 2384	1672	56dd6318eb6969046fd319a2323646b6_JaffaCakes118.exe	30
PID 1672 wrote to memory of 2384	1672	56dd6318eb6969046fd319a2323646b6_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\56dd6318eb6969046fd319a2323646b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\56dd6318eb6969046fd319a2323646b6_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1672 -s 524
  2⤵
  PID:2384

memory/1672-0-0x000007FEF5A03000-0x000007FEF5A04000-memory.dmp

Filesize
4KB

Download
memory/1672-1-0x0000000000140000-0x0000000000194000-memory.dmp

Filesize
336KB

Download
memory/1672-2-0x0000000000210000-0x0000000000218000-memory.dmp

Filesize
32KB

Download
memory/1672-3-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmp

Filesize
9.9MB

Download
memory/1672-4-0x000007FEF5A03000-0x000007FEF5A04000-memory.dmp

Filesize
4KB

Download
memory/1672-5-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmp

Filesize
9.9MB

Download