02abd430c466b39065653b2bace7dfe941f9f2053762fe8a6f674b83e7c0f03c

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 12:31

Target

0602a82b423bcdeec89ca103c6681fa6_JaffaCakes118.dll
Size

72KB
MD5

0602a82b423bcdeec89ca103c6681fa6
SHA1

39c7dc83f671843d30efa746212d3ceb9be13c0d
SHA256

02abd430c466b39065653b2bace7dfe941f9f2053762fe8a6f674b83e7c0f03c
SHA512

ec7ff61f7df704c46a3f48e8ce81fa9adc852f365e4c054843adda067105f42537ca53d890bc87ae34e624876abd616c596e52794934165b9440dfd8c4c928e3
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2732	3968	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 3968	3920	rundll32.exe	82
PID 3920 wrote to memory of 3968	3920	rundll32.exe	82
PID 3920 wrote to memory of 3968	3920	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0602a82b423bcdeec89ca103c6681fa6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0602a82b423bcdeec89ca103c6681fa6_JaffaCakes118.dll,#1
  2⤵
  PID:3968
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 600
    3⤵
    - Program crash
    PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3968 -ip 3968
1⤵
PID:4820