b190ba63f152f6c7073d49253c6f3c40bd142ddb32b94cc9a079a1d460437be8

Analysis

max time kernel
92s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 16:40

Target

bd4d8e943005b149e2a175b32abefc35_JaffaCakes118.dll
Size

215KB
MD5

bd4d8e943005b149e2a175b32abefc35
SHA1

5f19792aa2465aa43f965e31f91bd72979a40eb3
SHA256

b190ba63f152f6c7073d49253c6f3c40bd142ddb32b94cc9a079a1d460437be8
SHA512

5e8921e27ca6497d1503b765b32512a3c4c315a49a0ce5b939050b3359c06fbdae40bdd5812e34d3f75bd01f6210afbd3cc734a9f6c73e17853b1b7dfdf0af54
SSDEEP

3072:lhkJ8Cy/Z15rEsm15aEsm15aEsm15aEsm15p15ihkJ8Cy/f:lkgr5rZ05aZ05aZ05aZ05b5ikgf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4432	4544	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 4544	436	rundll32.exe	85
PID 436 wrote to memory of 4544	436	rundll32.exe	85
PID 436 wrote to memory of 4544	436	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd4d8e943005b149e2a175b32abefc35_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd4d8e943005b149e2a175b32abefc35_JaffaCakes118.dll,#1
  2⤵
  PID:4544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 600
    3⤵
    - Program crash
    PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4544 -ip 4544
1⤵
PID:4724