e506a206aa72fba81de0960d8ffca3947dd183783e04dd55a7f40427efdc8236

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 09:58

Target

ff0634ac4c981e2b5113aba95187dcba_JaffaCakes118.dll
Size

551KB
MD5

ff0634ac4c981e2b5113aba95187dcba
SHA1

602a883eb54af5df14d9ee01fbac6f48eece439d
SHA256

e506a206aa72fba81de0960d8ffca3947dd183783e04dd55a7f40427efdc8236
SHA512

87bf9b092441b759a7d95502106e6f5adbb5a2c922f19319dde63901aa0862dbbc50e0810d68ea2083d91fc9800a9dec7469b58b31bae7e17542977bfd58143c
SSDEEP

12288:YnWhrDpnNoAZbkKLPZXNIobaa8CcW6SCtG3ctsxVp:YnWNtSAdLZuo+E6SC5tsxVp

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2044	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2728	2044	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff0634ac4c981e2b5113aba95187dcba_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff0634ac4c981e2b5113aba95187dcba_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 200
    3⤵
    - Program crash
    PID:2728

memory/2044-1-0x0000000001F80000-0x0000000002086000-memory.dmp

Filesize
1.0MB

Download
memory/2044-2-0x0000000001F80000-0x0000000002086000-memory.dmp

Filesize
1.0MB

Download
memory/2044-0-0x0000000001F80000-0x0000000002086000-memory.dmp

Filesize
1.0MB

Download
memory/2044-3-0x0000000001F80000-0x0000000002086000-memory.dmp

Filesize
1.0MB

Download