a68df84d5822b695200c650cbe21885093f0a27da6bcb65fa49a1add15e45bbc

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 08:23

Target

5b27f65508ad66dd652d396be6fad62c_JaffaCakes118.exe
Size

22KB
MD5

5b27f65508ad66dd652d396be6fad62c
SHA1

a55b6df80cce48fe17c1f18046b9a272fda06e2f
SHA256

a68df84d5822b695200c650cbe21885093f0a27da6bcb65fa49a1add15e45bbc
SHA512

5d928528653be292cc327c01503d42ca0c20902cdb5376aa4a88e9d51655cb66b302f72afb9723c30f79e17cee3739871ee240fed3418e896edf4dd5a391d7db
SSDEEP

384:StYxbA6L1iq8PQH9Yn1uSToq8Txf1WFFG67lVrf1ky/rQzYkMJBP5EY2tsd:Nxb7iBYKn1Xps0FFG67Hr9kerchSBSts

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2324	2284	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2324	2284	5b27f65508ad66dd652d396be6fad62c_JaffaCakes118.exe	31
PID 2284 wrote to memory of 2324	2284	5b27f65508ad66dd652d396be6fad62c_JaffaCakes118.exe	31
PID 2284 wrote to memory of 2324	2284	5b27f65508ad66dd652d396be6fad62c_JaffaCakes118.exe	31
PID 2284 wrote to memory of 2324	2284	5b27f65508ad66dd652d396be6fad62c_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\5b27f65508ad66dd652d396be6fad62c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b27f65508ad66dd652d396be6fad62c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 116
  2⤵
  - Program crash
  PID:2324