1568e5a56b0637b85eda10f905f5057b8416e157fb635168f53743ed215fae5d

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 17:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe
Size

2.3MB
MD5

642c7e392ec81cc07c29729f0dd77b7d
SHA1

92fe86f188a91f9bf842f17b8641dfba116b1bb4
SHA256

1568e5a56b0637b85eda10f905f5057b8416e157fb635168f53743ed215fae5d
SHA512

2dc3dac2f5e282c5b18491eb44a3426b0fee94f7663a6ccbe5635c5c8f34f2d2957e0eb56f2482ba6a15bb47fb6b8371440722f595d3ac1764133068bb4ff373
SSDEEP

49152:+EJ6nteJD5kZS4SQsZbBfZCEoEgjUKhq7ZwYo5rRW8xn4:+EJ6CD5kZSYsZbv5gjvKZwYMrs8l4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2436	2532	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 2532	952	642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe	84
PID 952 wrote to memory of 2532	952	642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe	84
PID 952 wrote to memory of 2532	952	642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Users\Admin\AppData\Local\Temp\642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\642c7e392ec81cc07c29729f0dd77b7d_JaffaCakes118.exe"
  2⤵
  PID:2532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 528
    3⤵
    - Program crash
    PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2532 -ip 2532
1⤵
PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-19-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-6-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-7-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-5-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-4-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-1-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-2-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-8-0x0000000000400000-0x0000000001BC6000-memory.dmp

Filesize
23.8MB

Download
memory/952-0-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/952-21-0x0000000000400000-0x0000000001BC6000-memory.dmp

Filesize
23.8MB

Download
memory/952-3-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/2532-15-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/2532-13-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/2532-17-0x0000000000400000-0x0000000001BC6000-memory.dmp

Filesize
23.8MB

Download
memory/2532-14-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/2532-18-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/2532-20-0x0000000000400000-0x0000000001BC6000-memory.dmp

Filesize
23.8MB

Download
memory/2532-16-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/2532-23-0x0000000000400000-0x0000000001BC6000-memory.dmp

Filesize
23.8MB

Download
memory/2532-24-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads