cdad2329a127dae82e5044007e3608563487fb1cd4548315cc4517afec07de2d

Analysis

max time kernel
133s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 21:54

Target

17aa7083f51082adc6208c976684ea9f_JaffaCakes118.dll
Size

2KB
MD5

17aa7083f51082adc6208c976684ea9f
SHA1

9e5c4e06b8697ca7ce465bb9363692dbf39d7bed
SHA256

cdad2329a127dae82e5044007e3608563487fb1cd4548315cc4517afec07de2d
SHA512

5980d4eae7e94896bf901d265dff3f39f128ea310af38761c017fe735550c54a6719bb7bb5ab5dad0dd6506688cbc0a9694889f4a177b18cf8cbc6f3ce5a382e

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4536	4796	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 4796	116	rundll32.exe	83
PID 116 wrote to memory of 4796	116	rundll32.exe	83
PID 116 wrote to memory of 4796	116	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17aa7083f51082adc6208c976684ea9f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17aa7083f51082adc6208c976684ea9f_JaffaCakes118.dll,#1
  2⤵
  PID:4796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 544
    3⤵
    - Program crash
    PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4796 -ip 4796
1⤵
PID:1760

memory/4796-0-0x000000006A9D0000-0x000000006AB25000-memory.dmp

Filesize
1.3MB

Download