a1a96b22cbb740d5604307a4c145804e7ed243f9c046566ae87db64b17a0901d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 03:48

Target

5a597cce5553a04c21dc5a27a8b51cdb_JaffaCakes118.exe
Size

110KB
MD5

5a597cce5553a04c21dc5a27a8b51cdb
SHA1

2323f9fc71beaffd6f34864f6acbff5e4324ef6e
SHA256

a1a96b22cbb740d5604307a4c145804e7ed243f9c046566ae87db64b17a0901d
SHA512

4cf01248f4b646e469056d969c6c217395327adaa52925a8df5fca8ff3ab12b57e96b8955418b9df8895b9de3b4964687c36738df4e0a1c2dd7a5ce376c19cf1
SSDEEP

3072:GgUR3lf3oxePF9H9dRIUxf041ZPF/As15gDrP6WKLpJ:MvsePTpIMf02/V15gDrP6WKVJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2884	2932	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2884	2932	5a597cce5553a04c21dc5a27a8b51cdb_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2884	2932	5a597cce5553a04c21dc5a27a8b51cdb_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2884	2932	5a597cce5553a04c21dc5a27a8b51cdb_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2884	2932	5a597cce5553a04c21dc5a27a8b51cdb_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\5a597cce5553a04c21dc5a27a8b51cdb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5a597cce5553a04c21dc5a27a8b51cdb_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 36
  2⤵
  - Program crash
  PID:2884

memory/2932-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download