790e9cd4ef665b30fba74cb5d1e1cebdf44e1e7e1f1351c1a2b12a3d52460f39

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:44

Target

03567949e5e2b0b71b1af6522ccf5e6d_JaffaCakes118.dll
Size

119KB
MD5

03567949e5e2b0b71b1af6522ccf5e6d
SHA1

7e7ca9687821091a6dc7df714abd0d71b3fe8d98
SHA256

790e9cd4ef665b30fba74cb5d1e1cebdf44e1e7e1f1351c1a2b12a3d52460f39
SHA512

08d48783bc9271083eb80ae9e39f45359936367468771e526b437d17f91278740210e9fe8bf6149f99a7a1cfa234b5bbaefefc1360ca55a55e80ac5c73829bd8
SSDEEP

1536:jR6lvMqqU+2bbbAV2/S2zmNrDbhYOYZQRaSTBlJ4sE5Tn6OlzzIhgZbIJoc7Xvj:6vMqqDL2/zKpnahQOugZ0Joc7b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4660	3432	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 3432	3904	rundll32.exe	82
PID 3904 wrote to memory of 3432	3904	rundll32.exe	82
PID 3904 wrote to memory of 3432	3904	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03567949e5e2b0b71b1af6522ccf5e6d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03567949e5e2b0b71b1af6522ccf5e6d_JaffaCakes118.dll,#1
  2⤵
  PID:3432
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 576
    3⤵
    - Program crash
    PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3432 -ip 3432
1⤵
PID:4100

memory/3432-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download