9e1bd2c5ab7a3d40ff99ccc84647a1b7a6529105dd354405df00b28271a52520

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 17:58

Target

09fd7d607d1839482cdd677d4e7329a6_JaffaCakes118.dll
Size

204KB
MD5

09fd7d607d1839482cdd677d4e7329a6
SHA1

1a2a012ba8b14bb2a882ecc59b6f1bb0a44ca579
SHA256

9e1bd2c5ab7a3d40ff99ccc84647a1b7a6529105dd354405df00b28271a52520
SHA512

1e8d47eb970ac416f71935b20b17d9ccccdd743f77b943b32aa3febd9c12f8d1da2e82a67b241ef44daa8e062f865f67f61c2c151ca2327c42381db8a9a47de1
SSDEEP

3072:/PX+LxI7GWlMZdyDIT3v9nxRJ0lb5BvoVVp/PSccmRATm/0qHkcO5VntrWOorsRy:xSm4xvootqDors3gD

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4388	4436	WerFault.exe	81
1728	4436	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 4436	1484	rundll32.exe	81
PID 1484 wrote to memory of 4436	1484	rundll32.exe	81
PID 1484 wrote to memory of 4436	1484	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09fd7d607d1839482cdd677d4e7329a6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09fd7d607d1839482cdd677d4e7329a6_JaffaCakes118.dll,#1
  2⤵
  PID:4436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 592
    3⤵
    - Program crash
    PID:4388
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 792
    3⤵
    - Program crash
    PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4436 -ip 4436
1⤵
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4436 -ip 4436
1⤵
PID:3600