7deaf0ee4ef44cf97f40d216c021152dbdd81d6bd31b70520df8a2d5a93dbccf

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 09:19

Target

f32bcf68c7ef9b53f17de0ca8392fade_JaffaCakes118.dll
Size

320KB
MD5

f32bcf68c7ef9b53f17de0ca8392fade
SHA1

c33f6e626b72ec96f5d5f6ab41c1b554373e382a
SHA256

7deaf0ee4ef44cf97f40d216c021152dbdd81d6bd31b70520df8a2d5a93dbccf
SHA512

c626c46897579c759a3b2c4dba1c5c0a9095d97ec0f36366cce274de7bae2fe79e5d9b45fb68646b7fb3b83b818ff9ddc3e4053a21eb08c8026dc438b75e1646
SSDEEP

6144:v7WgZLtXZC5yyBkySsnGpgsvkfEYUh+16Ui76FHbIuN1WoIR32JV:v7WgZLts5yCbSsnGpga1+EUiOpuLN2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4396	3752	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 3752	1684	rundll32.exe	86
PID 1684 wrote to memory of 3752	1684	rundll32.exe	86
PID 1684 wrote to memory of 3752	1684	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f32bcf68c7ef9b53f17de0ca8392fade_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f32bcf68c7ef9b53f17de0ca8392fade_JaffaCakes118.dll,#1
  2⤵
  PID:3752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 596
    3⤵
    - Program crash
    PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3752 -ip 3752
1⤵
PID:4828

memory/3752-0-0x0000000000660000-0x0000000000679000-memory.dmp

Filesize
100KB

Download