6b01b3b78e5bbaf4fa16460460110476e853c02b364ce41cac49f91cf721bd77

Analysis

max time kernel
92s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 16:56

Target

af70eabe441a4f6b586093ee658e6dc0_JaffaCakes118.dll
Size

120KB
MD5

af70eabe441a4f6b586093ee658e6dc0
SHA1

84beee585c87a004aa12faa0cd757bb354b851a6
SHA256

6b01b3b78e5bbaf4fa16460460110476e853c02b364ce41cac49f91cf721bd77
SHA512

d158bb9a5bb4da6155faf5311b782d96d0672b232bc8ac297627d88e409fc73eb78e6e0dcdfb981c7dc8e5646427a816b641ecfb5f00368d563152622fac7a22
SSDEEP

3072:Gj5j7FwHSzsBgfH4ZmXZuEgwl8n3bJqSDGQODtO:Ij7FwHPBgPdwpJqQGQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1516	4380	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 4380	2928	rundll32.exe	82
PID 2928 wrote to memory of 4380	2928	rundll32.exe	82
PID 2928 wrote to memory of 4380	2928	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af70eabe441a4f6b586093ee658e6dc0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af70eabe441a4f6b586093ee658e6dc0_JaffaCakes118.dll,#1
  2⤵
  PID:4380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 600
    3⤵
    - Program crash
    PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4380 -ip 4380
1⤵
PID:4420

memory/4380-0-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download