0d04607bfaf064061f5f10fb4c7335ee79d773a7eee879eee6fde48f0a37faf8

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 20:16

Target

60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll
Size

202KB
MD5

60fd32d8c60ba3b9be0af61a83ac8c42
SHA1

e3046df847f1f5dc933077045875b9118d7b0719
SHA256

0d04607bfaf064061f5f10fb4c7335ee79d773a7eee879eee6fde48f0a37faf8
SHA512

2ab0136c8403e0bbdde961305b8e563c194936bd1aff81ed8ba624d1583339133c86c371db34eed514495dd68deae047815e1050b95ca150e37c3d07ee6af7e3
SSDEEP

3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15E:PjdFKdoSxvixTxUA

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

908 1244 WerFault.exe rundll32.exe

pid	pid_target	process	target process
908	1244	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1132 wrote to memory of 1244	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1244	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1244	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1244	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1244	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1244	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1244	1132	rundll32.exe	rundll32.exe
PID 1244 wrote to memory of 908	1244	rundll32.exe	WerFault.exe
PID 1244 wrote to memory of 908	1244	rundll32.exe	WerFault.exe
PID 1244 wrote to memory of 908	1244	rundll32.exe	WerFault.exe
PID 1244 wrote to memory of 908	1244	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
3⤵
- Program crash
PID:908