4db804033d8ff9a74ef8063df97d1ff63ac4c5e10f3e7d7c1308ea8c29319445

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 22:08

Target

64fac0399f4ea0926475e720f9740a46_JaffaCakes118.exe
Size

312KB
MD5

64fac0399f4ea0926475e720f9740a46
SHA1

3225a5f3db82cc55ebb36f3b77f06bc74433b14b
SHA256

4db804033d8ff9a74ef8063df97d1ff63ac4c5e10f3e7d7c1308ea8c29319445
SHA512

2403078601280cd82967d8c8604a56a8ef455d0070ad4c1cdf22879532c7129671fa5a99e462e12cde64e5a50408a1da72a4c6c85d4edc23276e8b0d5d095cd9
SSDEEP

6144:0hNY6mBrHjX6Gc75o9ZO9tp4W+DS/eTAj0fPKKp:00/BrLK5IO9tpo6eTAwfPNp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2520	1920	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2520	1920	64fac0399f4ea0926475e720f9740a46_JaffaCakes118.exe	30
PID 1920 wrote to memory of 2520	1920	64fac0399f4ea0926475e720f9740a46_JaffaCakes118.exe	30
PID 1920 wrote to memory of 2520	1920	64fac0399f4ea0926475e720f9740a46_JaffaCakes118.exe	30
PID 1920 wrote to memory of 2520	1920	64fac0399f4ea0926475e720f9740a46_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\64fac0399f4ea0926475e720f9740a46_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\64fac0399f4ea0926475e720f9740a46_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 96
  2⤵
  - Program crash
  PID:2520