d7b9086be96f2ffc9fd36039d4c29a07ea28714c1969f6bd8ffb9b762c8e219d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 12:39

Target

6af82526071117f5d82151e2af3cd9a7_JaffaCakes118.dll
Size

2.8MB
MD5

6af82526071117f5d82151e2af3cd9a7
SHA1

ae3797a6b227fb9ca562ecf40b561c07ca6e8c19
SHA256

d7b9086be96f2ffc9fd36039d4c29a07ea28714c1969f6bd8ffb9b762c8e219d
SHA512

4ba62b4f6c0fc5a4238fd9930ee397f6af51365dd141f473134add20a48f5a4d9b616332ad0ea628d146a4b984b97ce5a72ad4df70db0e38c8a7d55c37124856
SSDEEP

49152:4nI9zZoDyY7y6e9KdCMDVbOzEBHG9vN1q8NKX/mxvcTTVgOh51Ahm:5RZoDyee9KT3BHG9F1xNKX/mxuTyOf1/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	2124	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2124	1936	rundll32.exe	28
PID 1936 wrote to memory of 2124	1936	rundll32.exe	28
PID 1936 wrote to memory of 2124	1936	rundll32.exe	28
PID 1936 wrote to memory of 2124	1936	rundll32.exe	28
PID 1936 wrote to memory of 2124	1936	rundll32.exe	28
PID 1936 wrote to memory of 2124	1936	rundll32.exe	28
PID 1936 wrote to memory of 2124	1936	rundll32.exe	28
PID 2124 wrote to memory of 2136	2124	rundll32.exe	29
PID 2124 wrote to memory of 2136	2124	rundll32.exe	29
PID 2124 wrote to memory of 2136	2124	rundll32.exe	29
PID 2124 wrote to memory of 2136	2124	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6af82526071117f5d82151e2af3cd9a7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6af82526071117f5d82151e2af3cd9a7_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 260
    3⤵
    - Program crash
    PID:2136