323b40029659a28ccf2e96b65ca405f4ea67c2cb32715a5f95853b484d8097c4

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 12:35

Target

ea01198db6288e01b8b2dffacec649e2_JaffaCakes118.dll
Size

79KB
MD5

ea01198db6288e01b8b2dffacec649e2
SHA1

5f2614d21296a4ae5a540c3fe94958ae54a1be7a
SHA256

323b40029659a28ccf2e96b65ca405f4ea67c2cb32715a5f95853b484d8097c4
SHA512

02f55289497d3838541f5b6fed8b06b63d6c7cdc2d6acd433fb516040cb371f906f312802f550ab96c1cc0cea41fb1e0fc70dc7d8f34bbf295fb8ae10125b740
SSDEEP

768:bQgkKfhGGvJxd7XPmjQujUWc60jdeuyOezCB9GFnkzElL/mF8BJU3tOLuHeOfjoo:cxKf8OrhSdU9yOlgFn0kmF8U71Ey

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5056	2140	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2140	1696	rundll32.exe	85
PID 1696 wrote to memory of 2140	1696	rundll32.exe	85
PID 1696 wrote to memory of 2140	1696	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea01198db6288e01b8b2dffacec649e2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea01198db6288e01b8b2dffacec649e2_JaffaCakes118.dll,#1
  2⤵
  PID:2140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 544
    3⤵
    - Program crash
    PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2140 -ip 2140
1⤵
PID:2824

memory/2140-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download