0e14936eddf5e9f42517423119eeed2efc8fc624685726e591f803872bfd7fe8

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 07:13

Target

f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll
Size

845KB
MD5

f2f7eb55c84100d57a6cdfa1bdab3a83
SHA1

abcdf1cfbaac95334e4047bc91adfc4831c8edaf
SHA256

0e14936eddf5e9f42517423119eeed2efc8fc624685726e591f803872bfd7fe8
SHA512

5d5000663be7b05fe83f909552f965fe197a08a6dfb7763f511a09eac94813db9484c1b1ea17e69371439929c1c215be849d188f7a11fefa8b0a69a5c1930723
SSDEEP

24576:XNmaEpDRpG7G7ND08mR1QEiHG/d76txV/b:XbEdzfkR1QEiWdOtxVT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	3456	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 3456	432	rundll32.exe	86
PID 432 wrote to memory of 3456	432	rundll32.exe	86
PID 432 wrote to memory of 3456	432	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll,#1
  2⤵
  PID:3456
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 640
    3⤵
    - Program crash
    PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3456 -ip 3456
1⤵
PID:2504

memory/3456-0-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/3456-1-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/3456-2-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/3456-3-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download