9688e2c5ae8b5aced01decc616e77d8f93f7213c264367e40ad103444b5c28be

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
17/06/2024, 10:04

Target

b80aee2f00964da9f2f23da80048dae5_JaffaCakes118.dll
Size

2.8MB
MD5

b80aee2f00964da9f2f23da80048dae5
SHA1

b9f57f8f678396d296c244d13bf1216b08597b9c
SHA256

9688e2c5ae8b5aced01decc616e77d8f93f7213c264367e40ad103444b5c28be
SHA512

80ae090730c3224c97ae8e83bb51f376cf66c57f974b427c46fab42e7f6aab452bf247b0a6d214ae06b327dade888a37b22f5463812fc737f2571d4a62309dcd
SSDEEP

49152:hXGf6SmLCjTygftKaZdDOYZp6MHG9vLwfK2KZxklx5fKVpknBQZ:UiSmLC5ftK0p6MHG9zwS2KZxkl7Kvkq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2556	2560	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2560 wrote to memory of 2556	2560	rundll32.exe	29
PID 2560 wrote to memory of 2556	2560	rundll32.exe	29
PID 2560 wrote to memory of 2556	2560	rundll32.exe	29
PID 2560 wrote to memory of 2556	2560	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b80aee2f00964da9f2f23da80048dae5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b80aee2f00964da9f2f23da80048dae5_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 264
    3⤵
    - Program crash
    PID:2556