96df2efa2f0d2f0a84875676f7f57e82deed485faf17ac4f1929dd05da60f763

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 20:32

Target

42f3b94cb4b8c9ea9b8dd563e1563b62_JaffaCakes118.dll
Size

3KB
MD5

42f3b94cb4b8c9ea9b8dd563e1563b62
SHA1

3ed0054e2a358e49da807a05490b1cf020201f99
SHA256

96df2efa2f0d2f0a84875676f7f57e82deed485faf17ac4f1929dd05da60f763
SHA512

b7099600ab8cf5e739068f41438feae1e8dd95fe10807b0a94b5634068f0f192a5b4a7b6a29ea7afe5bc6c8d8c9588765d0395795f5c3bd1e9316762bcab45c8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3728	1988	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1988	1700	rundll32.exe	81
PID 1700 wrote to memory of 1988	1700	rundll32.exe	81
PID 1700 wrote to memory of 1988	1700	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42f3b94cb4b8c9ea9b8dd563e1563b62_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42f3b94cb4b8c9ea9b8dd563e1563b62_JaffaCakes118.dll,#1
  2⤵
  PID:1988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 600
    3⤵
    - Program crash
    PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1988 -ip 1988
1⤵
PID:1488

memory/1988-0-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/1988-1-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download