4bc46cc8146007b60f72bc42d7d59a55abf943f50fc42dd8a8fa7475e0b775fb

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 13:41

Target

05507d68ea603cb822b5059c02e99f84_JaffaCakes118.dll
Size

35KB
MD5

05507d68ea603cb822b5059c02e99f84
SHA1

aadf086507aeb380387eb8c4457360394578ff95
SHA256

4bc46cc8146007b60f72bc42d7d59a55abf943f50fc42dd8a8fa7475e0b775fb
SHA512

209f4a4df9b9bc715aa56a055a0f636296d5f56383030c3b2d1066029936428178de576471adcbf87394d675bd793d9547a0c9cc6889d3df6668bd242f40fd43
SSDEEP

768:K3TyjThg+N/lzvBGYds9gxmWhUERFP6DyOtR:ke5gUdzZbSgxmW35OtR

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2192	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2192	2184	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2184	2524	rundll32.exe	28
PID 2524 wrote to memory of 2184	2524	rundll32.exe	28
PID 2524 wrote to memory of 2184	2524	rundll32.exe	28
PID 2524 wrote to memory of 2184	2524	rundll32.exe	28
PID 2524 wrote to memory of 2184	2524	rundll32.exe	28
PID 2524 wrote to memory of 2184	2524	rundll32.exe	28
PID 2524 wrote to memory of 2184	2524	rundll32.exe	28
PID 2184 wrote to memory of 2192	2184	rundll32.exe	29
PID 2184 wrote to memory of 2192	2184	rundll32.exe	29
PID 2184 wrote to memory of 2192	2184	rundll32.exe	29
PID 2184 wrote to memory of 2192	2184	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05507d68ea603cb822b5059c02e99f84_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05507d68ea603cb822b5059c02e99f84_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 232
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2192

\Users\Admin\AppData\Local\Temp\05507d68ea603cb822b5059c02e99f84_JaffaCakes118.dll

Filesize
35KB

MD5
05507d68ea603cb822b5059c02e99f84

SHA1
aadf086507aeb380387eb8c4457360394578ff95

SHA256
4bc46cc8146007b60f72bc42d7d59a55abf943f50fc42dd8a8fa7475e0b775fb

SHA512
209f4a4df9b9bc715aa56a055a0f636296d5f56383030c3b2d1066029936428178de576471adcbf87394d675bd793d9547a0c9cc6889d3df6668bd242f40fd43

Download Submit