7ca0360bed9e03136d837a60415653e63d946ce965dcda6351e5b676691faa89

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 14:39

Target

63a642c8a14b638780727fbe981137e5_JaffaCakes118.dll
Size

2.8MB
MD5

63a642c8a14b638780727fbe981137e5
SHA1

87e5fa4a243be08f207ff78e39fcb6403282938a
SHA256

7ca0360bed9e03136d837a60415653e63d946ce965dcda6351e5b676691faa89
SHA512

9be072809c2b80485b847f1883ec0577f7252ed416be1f8b702527a70c0c6283ddc4c9c4059bc9df4c946b68335d30f15ed3d9d3b36d80ecb7097bdd9dc62c84
SSDEEP

49152:3q12+9UuvtLW8y9dyTGV7DOVG4/NBRG9v37aJfKtKIAkQxJorV15vXW7k3j:UhCuhUdyTHG4/NBRG9PuAtKIAkQsrnF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2564	1156	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 1156	3188	rundll32.exe	82
PID 3188 wrote to memory of 1156	3188	rundll32.exe	82
PID 3188 wrote to memory of 1156	3188	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63a642c8a14b638780727fbe981137e5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63a642c8a14b638780727fbe981137e5_JaffaCakes118.dll,#1
  2⤵
  PID:1156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 660
    3⤵
    - Program crash
    PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1156 -ip 1156
1⤵
PID:1992