0d04607bfaf064061f5f10fb4c7335ee79d773a7eee879eee6fde48f0a37faf8

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 20:16

Target

60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll
Size

202KB
MD5

60fd32d8c60ba3b9be0af61a83ac8c42
SHA1

e3046df847f1f5dc933077045875b9118d7b0719
SHA256

0d04607bfaf064061f5f10fb4c7335ee79d773a7eee879eee6fde48f0a37faf8
SHA512

2ab0136c8403e0bbdde961305b8e563c194936bd1aff81ed8ba624d1583339133c86c371db34eed514495dd68deae047815e1050b95ca150e37c3d07ee6af7e3
SSDEEP

3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15E:PjdFKdoSxvixTxUA

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4156 1384 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4156	1384	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2644 wrote to memory of 1384	2644	rundll32.exe	rundll32.exe
PID 2644 wrote to memory of 1384	2644	rundll32.exe	rundll32.exe
PID 2644 wrote to memory of 1384	2644	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll,#1
2⤵
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 680
3⤵
- Program crash
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1384 -ip 1384
1⤵
PID:4012