4a3016f73506be59e8b21573b15da5a76910304c2372557d305c1cabebb16335

Analysis

max time kernel
51s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 14:35

Target

06e1bd6c224283c85ca607ed3298f3c3_JaffaCakes118.dll
Size

152KB
MD5

06e1bd6c224283c85ca607ed3298f3c3
SHA1

f28e549d222f322d8af15ee402c7c62883b50674
SHA256

4a3016f73506be59e8b21573b15da5a76910304c2372557d305c1cabebb16335
SHA512

2398dba556a21a9c3de9483e2480c1560d94f676ea26457dee5c33b39c23d5ac5b22416d0cae6cfbbfc506e291ab056520f12194db3373d4499e0e20a35723f7
SSDEEP

3072:YGHQG5cU74EOAP5VHjiXkj+oRSeR4Hvn5BR5eOu/6gaZ6toKh:Y8T5cTE7bB1u/XPeP2Z6to

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5096	5052	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 5052	1344	rundll32.exe	81
PID 1344 wrote to memory of 5052	1344	rundll32.exe	81
PID 1344 wrote to memory of 5052	1344	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06e1bd6c224283c85ca607ed3298f3c3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06e1bd6c224283c85ca607ed3298f3c3_JaffaCakes118.dll,#1
  2⤵
  PID:5052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 592
    3⤵
    - Program crash
    PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5052 -ip 5052
1⤵
PID:4236

memory/5052-0-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/5052-2-0x0000000002580000-0x00000000025A2000-memory.dmp

Filesize
136KB

Download
memory/5052-1-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download