ed8f19efe279749a385656937f541f28b00deee36abd2c86384ddac30b764bf7

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 08:31

Target

f318fdd4df8e35599379ba095baf52c2_JaffaCakes118.dll
Size

66KB
MD5

f318fdd4df8e35599379ba095baf52c2
SHA1

7bd98d7e6b722fb8a1438275cfb103d5f45529bd
SHA256

ed8f19efe279749a385656937f541f28b00deee36abd2c86384ddac30b764bf7
SHA512

cea40f193622ffd9dedc7e1f2fd42462aca5e8421cd1efd64b5e81d8e83133a36ea5ff1bc6d1be756e0670104de3421bf2310841cade26fb0b5bb09469602c95
SSDEEP

1536:PSwlKC19SnIhSmet8/MfKVyPnsVjpPQ733SnJQmszn9e/POns:HAMbEU0miA70n8P1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2660	1968	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 1968	2624	rundll32.exe	83
PID 2624 wrote to memory of 1968	2624	rundll32.exe	83
PID 2624 wrote to memory of 1968	2624	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f318fdd4df8e35599379ba095baf52c2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f318fdd4df8e35599379ba095baf52c2_JaffaCakes118.dll,#1
  2⤵
  PID:1968
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 548
    3⤵
    - Program crash
    PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1968 -ip 1968
1⤵
PID:3036

memory/1968-0-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download