fddb7a1b9157a178a0e7f3d5c45e13749bbcc2eee8dbdc5a1dd55bc50962ff78

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 05:06

Target

fe801e920e34eb888aa1e432679103b2_JaffaCakes118.dll
Size

519KB
MD5

fe801e920e34eb888aa1e432679103b2
SHA1

edda7eb90b684ddf5fd2dad989f84cc27f428d5b
SHA256

fddb7a1b9157a178a0e7f3d5c45e13749bbcc2eee8dbdc5a1dd55bc50962ff78
SHA512

7aecd90ab2939f2923075e84dcaba3d8c86dfb75a2c8492ec6c28b3edbb1d054971df4b9b34eb0ac20326dfb1db005f41b40aa089f5f59802cbaba082dfb2185
SSDEEP

12288:Cbz+LOIuCCUev39lCahIcz33jSXXs8bLeyR1ix7yLru7a:Cbz+LOIuCCUev3HCaicL32Xdyx7yLru7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2184	2172	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2172	2132	rundll32.exe	28
PID 2132 wrote to memory of 2172	2132	rundll32.exe	28
PID 2132 wrote to memory of 2172	2132	rundll32.exe	28
PID 2132 wrote to memory of 2172	2132	rundll32.exe	28
PID 2132 wrote to memory of 2172	2132	rundll32.exe	28
PID 2132 wrote to memory of 2172	2132	rundll32.exe	28
PID 2132 wrote to memory of 2172	2132	rundll32.exe	28
PID 2172 wrote to memory of 2184	2172	rundll32.exe	29
PID 2172 wrote to memory of 2184	2172	rundll32.exe	29
PID 2172 wrote to memory of 2184	2172	rundll32.exe	29
PID 2172 wrote to memory of 2184	2172	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe801e920e34eb888aa1e432679103b2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe801e920e34eb888aa1e432679103b2_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 252
    3⤵
    - Program crash
    PID:2184