4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 20:14

Target

JaffaCakes118_4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc.exe
Size

109.6MB
MD5

4154523bc986d767adeb1731d6c9c277
SHA1

cad8a265f882142319bb9e870001c1ad585b389a
SHA256

4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc
SHA512

30bd8729637343f9f607064fbbf851599f31bb91a32a23b227b9f98742de8b939753b2e5e617e287dc7ccc11d23bf68966a3976ee60803125fff1ba4e00ee119
SSDEEP

786432:BpB0NEbk8nVyPT35we1BdJeKtkoqzKlOjtNRjVTio80XdbSaNzZ:nBBqye1j+trQnGZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2496	2704	JaffaCakes118_4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc.exe	30
PID 2704 wrote to memory of 2496	2704	JaffaCakes118_4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc.exe	30
PID 2704 wrote to memory of 2496	2704	JaffaCakes118_4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc.exe	30

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4b43de8284fa4339f7a3de8739600712360f6bce298f117a86b50a9778640bbc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2704 -s 28
  2⤵
  PID:2496

memory/2704-0-0x000000013FEB0000-0x0000000140EB0000-memory.dmp

Filesize
16.0MB

Download