4b6856746b5c2677559efa4b8a7f1766b4b29379d744dc57c48972ea2f1acbde

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 15:08

Target

ff8f31ee33b3894ca71ccc2f73972598_JaffaCakes118.dll
Size

114KB
MD5

ff8f31ee33b3894ca71ccc2f73972598
SHA1

5ae337b5b921df03c8185b45bcf3866681ea83bc
SHA256

4b6856746b5c2677559efa4b8a7f1766b4b29379d744dc57c48972ea2f1acbde
SHA512

9984c3642c607676429a0a5e05ba238732e4382d32de2b3a6ddff15ec6ef689fdd170db34feee81b96e5a3cad98a4ff23d77eb3a248288b8b0dcda8c7e766d6b
SSDEEP

3072:/X1to9fOBqoTUoMtacdqd6Tw3+A6DUp5Ju1kru1kK:v1t6fOY1aksuw3+A6IAX5

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\beep.sys	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2848	2528	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2528	2732	rundll32.exe	28
PID 2732 wrote to memory of 2528	2732	rundll32.exe	28
PID 2732 wrote to memory of 2528	2732	rundll32.exe	28
PID 2732 wrote to memory of 2528	2732	rundll32.exe	28
PID 2732 wrote to memory of 2528	2732	rundll32.exe	28
PID 2732 wrote to memory of 2528	2732	rundll32.exe	28
PID 2732 wrote to memory of 2528	2732	rundll32.exe	28
PID 2528 wrote to memory of 2848	2528	rundll32.exe	29
PID 2528 wrote to memory of 2848	2528	rundll32.exe	29
PID 2528 wrote to memory of 2848	2528	rundll32.exe	29
PID 2528 wrote to memory of 2848	2528	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff8f31ee33b3894ca71ccc2f73972598_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff8f31ee33b3894ca71ccc2f73972598_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Drivers directory
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 324
    3⤵
    - Program crash
    PID:2848