8aecceb371ca882b3e034ad5ebc7e1cd4b6135090662382bbef0997ab233095c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 15:28

Target

0951efe5720535cd84e93b0a20c4a4f5_JaffaCakes118.dll
Size

285KB
MD5

0951efe5720535cd84e93b0a20c4a4f5
SHA1

cba37a78ddb298b5c20bb82d31e90e38ea65aafc
SHA256

8aecceb371ca882b3e034ad5ebc7e1cd4b6135090662382bbef0997ab233095c
SHA512

6ad7a46e7961fb52401201b7acccbce0287bdbdf91dcd2e85e4cd691058359789f6f042377c865b90e53717f1ec4b689ca3338897d0b49511f935ffddfc0f69e
SSDEEP

6144:UDVkRp9pYJ1g0Yrdy8S0lGzCobjBWZoZuXq6uaCpc+qJn2EYn:UuRLOvg0Y5ZSYejwC4PCNp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	2128	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 2128	4012	rundll32.exe	82
PID 4012 wrote to memory of 2128	4012	rundll32.exe	82
PID 4012 wrote to memory of 2128	4012	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0951efe5720535cd84e93b0a20c4a4f5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0951efe5720535cd84e93b0a20c4a4f5_JaffaCakes118.dll,#1
  2⤵
  PID:2128
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 572
    3⤵
    - Program crash
    PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2128 -ip 2128
1⤵
PID:3688

memory/2128-0-0x0000000010000000-0x000000001011E000-memory.dmp

Filesize
1.1MB

Download