307c79bf163ab8e5fa6e78d2f0b5f5ceb2b39cf2aa534cdeb22f3ad78a867405

Analysis

max time kernel
11s
max time network
15s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 18:49

Target

5d37d4f3e4cefb54f161720044357211_JaffaCakes118.exe
Size

28KB
MD5

5d37d4f3e4cefb54f161720044357211
SHA1

9d93a3e69cb04a7217107bb10c0d10b387a5aa4e
SHA256

307c79bf163ab8e5fa6e78d2f0b5f5ceb2b39cf2aa534cdeb22f3ad78a867405
SHA512

430743f54b8474a965d96ca8590c6a3b9345bbb5c02d91c4f914ca24ac73bc280331ec9d62ecadcdaed6719ecd134ca0640de823edf45b2ed8bf001b2d2c85a8
SSDEEP

192:oM3+hjlMXh6AtfXDkO/AF75dFE1htxfDQox3lOt0Hy8e4dkapdHk5j33q:oM3+PQh6ABkOqmz1OYIIka3er3q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2536	2544	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2536	2544	5d37d4f3e4cefb54f161720044357211_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2536	2544	5d37d4f3e4cefb54f161720044357211_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2536	2544	5d37d4f3e4cefb54f161720044357211_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2536	2544	5d37d4f3e4cefb54f161720044357211_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\5d37d4f3e4cefb54f161720044357211_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d37d4f3e4cefb54f161720044357211_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 88
  2⤵
  - Program crash
  PID:2536

memory/2544-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download