9d55f7a84d89767ef563310e3ca33097b7fcc87d7ee607455ae05c1084255bc1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 14:51

Target

fa8a741ea3fcc649bca5b70c75a6ef60_JaffaCakes118.dll
Size

16KB
MD5

fa8a741ea3fcc649bca5b70c75a6ef60
SHA1

bd751f7f6792776762a71510f64f8fe9ba738ab3
SHA256

9d55f7a84d89767ef563310e3ca33097b7fcc87d7ee607455ae05c1084255bc1
SHA512

8b2f2af916c1a952939f96a2a7fb43d193005bb6dbe332749324efe3a777db8fdbb87bbf916db43edf2a1d34eaf2133e4e92a3f5bf9bec575888e1fa07bdbfa1
SSDEEP

384:JC8CA4XQhAVRKqkO6ZK+wSAcG3IZN18d7y7A6XWI:JC1XQhAXKZO6PDRZN2Fy71b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1232	1720	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 1720	4620	rundll32.exe	86
PID 4620 wrote to memory of 1720	4620	rundll32.exe	86
PID 4620 wrote to memory of 1720	4620	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa8a741ea3fcc649bca5b70c75a6ef60_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa8a741ea3fcc649bca5b70c75a6ef60_JaffaCakes118.dll,#1
  2⤵
  PID:1720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 632
    3⤵
    - Program crash
    PID:1232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1720 -ip 1720
1⤵
PID:4828