e741b9c24b5220a207af22642d7a4394ad2b4ba084aebd70f0a5a786889ff04d

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 09:00

Target

5b4393684f5e73ee975ca2055a01a9de_JaffaCakes118.exe
Size

320KB
MD5

5b4393684f5e73ee975ca2055a01a9de
SHA1

8841b3e538e0468aaee09f5780f4b856f3905df1
SHA256

e741b9c24b5220a207af22642d7a4394ad2b4ba084aebd70f0a5a786889ff04d
SHA512

32b18ca2b5d9c8e9ac490341a8a063f0d947ee3f38a2a8d008274223a5e5c2d87200e3d7f76d160abe5937092b793f936e76479ecb1d489d52bc2cb6bae11fb3
SSDEEP

6144:nVKVsZdh5nNSzbJPrjL3gUlqI7t/eHcD5lni:qgd85XYAticD5k

Score

3^/10

Program crash 9 IoCs

pid	pid_target	Process	procid_target
5000	4488	WerFault.exe	83
216	4488	WerFault.exe	83
3000	4488	WerFault.exe	83
4180	4488	WerFault.exe	83
1788	4488	WerFault.exe	83
1680	4488	WerFault.exe	83
624	4488	WerFault.exe	83
2068	4488	WerFault.exe	83
888	4488	WerFault.exe	83

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4488	5b4393684f5e73ee975ca2055a01a9de_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5b4393684f5e73ee975ca2055a01a9de_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b4393684f5e73ee975ca2055a01a9de_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 560
  2⤵
  - Program crash
  PID:5000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 860
  2⤵
  - Program crash
  PID:216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 868
  2⤵
  - Program crash
  PID:3000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 892
  2⤵
  - Program crash
  PID:4180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 676
  2⤵
  - Program crash
  PID:1788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 724
  2⤵
  - Program crash
  PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 680
  2⤵
  - Program crash
  PID:624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 724
  2⤵
  - Program crash
  PID:2068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 856
  2⤵
  - Program crash
  PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4488 -ip 4488
1⤵
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4488 -ip 4488
1⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4488 -ip 4488
1⤵
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4488 -ip 4488
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4488 -ip 4488
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4488 -ip 4488
1⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4488 -ip 4488
1⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4488 -ip 4488
1⤵
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4488 -ip 4488
1⤵
PID:3372

memory/4488-6-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/4488-7-0x0000000000561000-0x0000000000562000-memory.dmp

Filesize
4KB

Download
memory/4488-8-0x0000000000560000-0x00000000005C6FF0-memory.dmp

Filesize
411KB

Download
memory/4488-9-0x0000000000560000-0x00000000005C6FF0-memory.dmp

Filesize
411KB

Download
memory/4488-11-0x0000000000561000-0x0000000000562000-memory.dmp

Filesize
4KB

Download