e05cd7b098b11c67099da798d743fd088aeb80ecced5870cb1ebeb3407ff596e

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 10:38

Target

ff16eba60a939dccb2d8a8e82e242a82_JaffaCakes118.dll
Size

17KB
MD5

ff16eba60a939dccb2d8a8e82e242a82
SHA1

78d8d857b3f311b62b1a8ca19c991ac99f56f0b5
SHA256

e05cd7b098b11c67099da798d743fd088aeb80ecced5870cb1ebeb3407ff596e
SHA512

f54123eac948143c043d980bb4941aa375d1858edc364da9a640bd4285902ab094daba672ec18967f816f8af5a4d5381277fa7f49da971a595740d118b6038ea
SSDEEP

192:OXtTZ/GhTL/3/ivu1PDAwb2r8zOfQBwX8+7WCfwrcW9+tW3C8u:sEv/vrFbxK4BI8+7RIgWgtWP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2060	5004	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 5004	2300	rundll32.exe	85
PID 2300 wrote to memory of 5004	2300	rundll32.exe	85
PID 2300 wrote to memory of 5004	2300	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff16eba60a939dccb2d8a8e82e242a82_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff16eba60a939dccb2d8a8e82e242a82_JaffaCakes118.dll,#1
  2⤵
  PID:5004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 604
    3⤵
    - Program crash
    PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5004 -ip 5004
1⤵
PID:4392