81e05c965d4141756e6477fb105ced1af0c57207f683576a4f8f87b939cf92ef

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 22:10

Target

f470a810b7391146a65391d9390c0b3e_JaffaCakes118.dll
Size

73KB
MD5

f470a810b7391146a65391d9390c0b3e
SHA1

6fbbbbfb8d19204df46cb7b45a797c04c137754b
SHA256

81e05c965d4141756e6477fb105ced1af0c57207f683576a4f8f87b939cf92ef
SHA512

1168266b29e78defbe8a257fa034d2689ef51bf85b340bffb4a21fed267cd94efd43dab519db9be1774567e748f98f67cf722561894e715619994325ea4443a9
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuP:C5UOq0ukgOK2l7aFQP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3492	4452	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 4452	3804	rundll32.exe	85
PID 3804 wrote to memory of 4452	3804	rundll32.exe	85
PID 3804 wrote to memory of 4452	3804	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f470a810b7391146a65391d9390c0b3e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f470a810b7391146a65391d9390c0b3e_JaffaCakes118.dll,#1
  2⤵
  PID:4452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 600
    3⤵
    - Program crash
    PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4452 -ip 4452
1⤵
PID:3400