b8c0b0f4cea4104d9a6f61f024e77e219e80f4506e13f9f8b9f6dc90d3293788

Analysis

max time kernel
138s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 08:33

Target

046243a3b04c775e10696337d01ba1a6_JaffaCakes118.dll
Size

2KB
MD5

046243a3b04c775e10696337d01ba1a6
SHA1

d075ac5b7f22f29ce634890d896891973fb6f236
SHA256

b8c0b0f4cea4104d9a6f61f024e77e219e80f4506e13f9f8b9f6dc90d3293788
SHA512

d99ea7a590aad4a7ce887805fbf8f82e7af3a06df803e1801effc28942a995a1df50c557dc900d9f57033f4553ee6d0701abf30a721df80bca7b22051677e697

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2588	3456	WerFault.exe	90

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3456	2416	rundll32.exe	90
PID 2416 wrote to memory of 3456	2416	rundll32.exe	90
PID 2416 wrote to memory of 3456	2416	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\046243a3b04c775e10696337d01ba1a6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\046243a3b04c775e10696337d01ba1a6_JaffaCakes118.dll,#1
  2⤵
  PID:3456
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 544
    3⤵
    - Program crash
    PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3456 -ip 3456
1⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4168,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=2732 /prefetch:8
1⤵
PID:1520

memory/3456-0-0x0000000010000000-0x0000000010121000-memory.dmp

Filesize
1.1MB

Download