679a4974ab63899ed62e52788c391369675a904adc969c93d4ec274dada141d2

Analysis

max time kernel
21s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 01:47

Target

59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe
Size

193KB
MD5

59fa728668cadc67f6c031e08cf7d203
SHA1

6fe6f0f77504d02560e2ce3cea79e01dc8dc1c8e
SHA256

679a4974ab63899ed62e52788c391369675a904adc969c93d4ec274dada141d2
SHA512

9e273dc3707de2a13e58d78bb6f5694493886f88ffc1a5893fd7290be509be56439cd8d31c247d7bf72ad9a2f650af4dca84d5eaf175687572b347a3e967318b
SSDEEP

3072:pR2xn3k0CdM1vabyzJYWqSSpbaxhptgiHaKruj3A3dS5DFZSHZFD:pR2J0LS6VTI/fjaHQ31V

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2548	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe
2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2064	2548	WerFault.exe	30
2928	2316	WerFault.exe	29

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2548	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2548	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2548	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2548	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	30
PID 2548 wrote to memory of 2064	2548	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe	31
PID 2548 wrote to memory of 2064	2548	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe	31
PID 2548 wrote to memory of 2064	2548	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe	31
PID 2548 wrote to memory of 2064	2548	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe	31
PID 2316 wrote to memory of 2928	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	32
PID 2316 wrote to memory of 2928	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	32
PID 2316 wrote to memory of 2928	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	32
PID 2316 wrote to memory of 2928	2316	59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe
  C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 156
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 152
  2⤵
  - Program crash
  PID:2928

C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203_JaffaCakes118mgr.exe

Filesize
95KB

MD5
f8a6e7529ad1b00a18c6ca2702521471

SHA1
2cadb00ca99be622623dc78095f594bedfec7534

SHA256
ce8e07cec9c3857f48e20916c65413335ab480b0c3d70345e98147b2ff7b8de6

SHA512
e1c3f164aa58360e4b664341ddea907fe990fa93de6f1e98b4fe87bf713e62b50191d738afc5591ead628f6f58dead74d78d26267ac03079f96bcb85b93ce2f7

Download Submit
memory/2316-1-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2316-9-0x0000000000150000-0x0000000000188000-memory.dmp

Filesize
224KB

Download
memory/2316-18-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2548-10-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download