7a0ab3bd41b96c3c6cb8fdabaeb54643756b19b0e8d643d895a9f1973d2eda52

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 04:45

Target

f056a2600d456facc31ef6912fc3e212_JaffaCakes118.dll
Size

9KB
MD5

f056a2600d456facc31ef6912fc3e212
SHA1

52fbc84826dc5c4430325835d332e0eb4851686d
SHA256

7a0ab3bd41b96c3c6cb8fdabaeb54643756b19b0e8d643d895a9f1973d2eda52
SHA512

036c7bb2afe83fefbb475626a39614ca09ffa2a06d054bc454103e3cb701582fed801f8eb846e81bf340c1af24d53a0571af11c254b099a6e8b0dc90740c47c2
SSDEEP

192:sRZO+uDYg4cQUhiZWAe7W+f6nuTpmvU06FCHU2:sXBHbUgwAIPmvU06FV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4036	2136	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2136	2856	rundll32.exe	85
PID 2856 wrote to memory of 2136	2856	rundll32.exe	85
PID 2856 wrote to memory of 2136	2856	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f056a2600d456facc31ef6912fc3e212_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f056a2600d456facc31ef6912fc3e212_JaffaCakes118.dll,#1
  2⤵
  PID:2136
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 552
    3⤵
    - Program crash
    PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2136 -ip 2136
1⤵
PID:1364

memory/2136-0-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download