228274ec59d4df252066f25d53a4ab46a5faae4690fbc893cbd516bfdeaeff77

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 10:27

Target

f58f99e9d62b7626b612be6bce4980b7_JaffaCakes118.dll
Size

212KB
MD5

f58f99e9d62b7626b612be6bce4980b7
SHA1

82d680de6dd3c5405b2054e729f11ba2e4aa37a7
SHA256

228274ec59d4df252066f25d53a4ab46a5faae4690fbc893cbd516bfdeaeff77
SHA512

0035f6af608c7b76512aadcaeb7f73f34704663e87e1de441b73529aa69bb1eb3eb11001b0c0ece5854b3bd2dad75d0928cd2b345f60b3a292c5e126a6aa1bdb
SSDEEP

6144:4sRcD8u1T9zltjV6XeoOow+AOqYPDixq:4sCD8u19zleeopPZixq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2968	2820	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2820	2352	rundll32.exe	28
PID 2352 wrote to memory of 2820	2352	rundll32.exe	28
PID 2352 wrote to memory of 2820	2352	rundll32.exe	28
PID 2352 wrote to memory of 2820	2352	rundll32.exe	28
PID 2352 wrote to memory of 2820	2352	rundll32.exe	28
PID 2352 wrote to memory of 2820	2352	rundll32.exe	28
PID 2352 wrote to memory of 2820	2352	rundll32.exe	28
PID 2820 wrote to memory of 2968	2820	rundll32.exe	29
PID 2820 wrote to memory of 2968	2820	rundll32.exe	29
PID 2820 wrote to memory of 2968	2820	rundll32.exe	29
PID 2820 wrote to memory of 2968	2820	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f99e9d62b7626b612be6bce4980b7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f99e9d62b7626b612be6bce4980b7_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 316
    3⤵
    - Program crash
    PID:2968