9246aaa4119ab78c06e12f3cba6da3941c641b4a132a36b8fbcf45372ea08f56

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02-07-2024 08:13

Target

1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe
Size

186KB
MD5

1e98591806468a3bc9d68e7fa659a3e2
SHA1

af379098cad3f17e223ecd1aa8a026f927eda1bd
SHA256

9246aaa4119ab78c06e12f3cba6da3941c641b4a132a36b8fbcf45372ea08f56
SHA512

d03c238651a9f8e9309e46fb9131ff4e2b44b16668c43a5e9f9f12e574922eaaf2ed0ecf6ac382de5d53a91450b5b5ecb1adbdeb7f7e2b07dffa71826fb0faf2
SSDEEP

3072:knxwgxgfR/DVG7wBpEfdPbzIcJabw0ejQ7sDz1RNnF:4+xDVG0BpjcJa80mQ7sX1RJF

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe

pid process

2372 1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe

pid	process
2372	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe

Loads dropped DLL 9 IoCs

Processes:

1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exeWerFault.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2348 1972 WerFault.exe 1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe
2176 2372 WerFault.exe 1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe

pid	pid_target	process	target process
2348	1972	WerFault.exe	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe
2176	2372	WerFault.exe	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe

description	pid	process	target process
PID 1972 wrote to memory of 2372	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe
PID 1972 wrote to memory of 2372	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe
PID 1972 wrote to memory of 2372	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe
PID 1972 wrote to memory of 2372	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe
PID 1972 wrote to memory of 2348	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	WerFault.exe
PID 1972 wrote to memory of 2348	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	WerFault.exe
PID 1972 wrote to memory of 2348	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	WerFault.exe
PID 1972 wrote to memory of 2348	1972	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118.exe	WerFault.exe
PID 2372 wrote to memory of 2176	2372	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe	WerFault.exe
PID 2372 wrote to memory of 2176	2372	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe	WerFault.exe
PID 2372 wrote to memory of 2176	2372	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe	WerFault.exe
PID 2372 wrote to memory of 2176	2372	1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 100
2⤵
- Program crash
PID:2348

\Users\Admin\AppData\Local\Temp\1e98591806468a3bc9d68e7fa659a3e2_JaffaCakes118mgr.exe
Filesize
92KB

MD5
96cff787d9cd572c465811f1b072e852

SHA1
f41dc6bbaa9e613f255484a125d83fa1b336148c

SHA256
8735197d71a2a4c3894f43e1461e9ae4ccd4ca5c861332ae3c79e02f48143de9

SHA512
19789b2071f8e04e186135c6d2495ece4e69da19c1cf748e6619ed6fcbfca36e6698cce5f0dc10bc7d81847be2eb36ea3f2b9504d26088ac8b9903e6506394ff

Download Submit
memory/1972-1-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1972-9-0x0000000000120000-0x000000000016E000-memory.dmp

Filesize
312KB

Download
memory/1972-10-0x0000000000120000-0x000000000016E000-memory.dmp

Filesize
312KB

Download
memory/1972-19-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2372-11-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download