b691d86ba3ed0d1c06f10b3c19c674ea0964d3308604fb672a46759eb9341007

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 04:51

Target

6216c58013c65b91a677c2c52efbeb70_JaffaCakes118.dll
Size

2.8MB
MD5

6216c58013c65b91a677c2c52efbeb70
SHA1

9d1bc007cc92e142ea5a6217f460dd6211ac53a8
SHA256

b691d86ba3ed0d1c06f10b3c19c674ea0964d3308604fb672a46759eb9341007
SHA512

2199183360569568fd09ce81ec80bc180b911a8d36b8d8cbb8d6d55963c8da6a1f66f3e6de92cec8c4ed296ce257b199096a645f80c55b017ca78bf056efede5
SSDEEP

49152:63e/yauLyTLyg3tKq52DnPCBiG9vcJyylKAmwUHJe8Vl5OzAds:VKauLyh3tKgBiG90JjlKAmwUE8nUz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3520	712	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 712	3596	rundll32.exe	82
PID 3596 wrote to memory of 712	3596	rundll32.exe	82
PID 3596 wrote to memory of 712	3596	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6216c58013c65b91a677c2c52efbeb70_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6216c58013c65b91a677c2c52efbeb70_JaffaCakes118.dll,#1
  2⤵
  PID:712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 660
    3⤵
    - Program crash
    PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 712 -ip 712
1⤵
PID:4072