677475e88459a2cebb190d9376d434ac41efc4116a07baa11dbd09f7df543682

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 12:55

Target

ed788f19d1d1c5d1b8c979c6ae0f274e_JaffaCakes118.dll
Size

176KB
MD5

ed788f19d1d1c5d1b8c979c6ae0f274e
SHA1

43b28d68275f4697f198827c9fb8bc0b53848160
SHA256

677475e88459a2cebb190d9376d434ac41efc4116a07baa11dbd09f7df543682
SHA512

6fa8859219a478aa8e7d6e6af8f642166c7f34bdf6b5b56999f8ae046a32010409a2a1a510dc52eab1699947e242145721800b7fb393857f7f328562e2dae847
SSDEEP

3072:I76siZ866e2YeHq2ECguCCMSc0win4r35xycxF5Z6Y4RpPJRybU64RfJOajTX:I7Fc6ID2YuCCMSc0wES3P5hKPJRB649P

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4380	1692	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1692	2224	rundll32.exe	84
PID 2224 wrote to memory of 1692	2224	rundll32.exe	84
PID 2224 wrote to memory of 1692	2224	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed788f19d1d1c5d1b8c979c6ae0f274e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed788f19d1d1c5d1b8c979c6ae0f274e_JaffaCakes118.dll,#1
  2⤵
  PID:1692
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 588
    3⤵
    - Program crash
    PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1692 -ip 1692
1⤵
PID:2132

memory/1692-0-0x0000000002B70000-0x0000000002B91000-memory.dmp

Filesize
132KB

Download