9aeeae6ea27dddc913691cb1bd59df8cddd422bfb182e8a63f7e84c1bc8f9ba4

Analysis

max time kernel
91s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 03:48

Target

ec9b16c4f437414ec1212d2e5425f562_JaffaCakes118.dll
Size

30KB
MD5

ec9b16c4f437414ec1212d2e5425f562
SHA1

057b64a277b2937183033e434c2115b4f21629f0
SHA256

9aeeae6ea27dddc913691cb1bd59df8cddd422bfb182e8a63f7e84c1bc8f9ba4
SHA512

dc3e255080b271e846c82d1d462c6ec4f4d6aa313f26496fe871121caf6fa4586db5f586b516ebb364e17a3eed5ecec060ebf35ab048744f270d9e4c4bc56c5f
SSDEEP

768:fUzMHiDV7XD7FZWq3YTtmYbwoX71ssqWd7c0:fGMHitvtkXlsfMl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4220	4620	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 4620	4832	rundll32.exe	83
PID 4832 wrote to memory of 4620	4832	rundll32.exe	83
PID 4832 wrote to memory of 4620	4832	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec9b16c4f437414ec1212d2e5425f562_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec9b16c4f437414ec1212d2e5425f562_JaffaCakes118.dll,#1
  2⤵
  PID:4620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 548
    3⤵
    - Program crash
    PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4620 -ip 4620
1⤵
PID:2832

memory/4620-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download