a9458ff11984a8dfcfc2588e5f3aaa975184ff7c991c1464ec4669a3fba0e23e

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 03:56

Target

149791a0030c9c8ce139f4d6adc76923_JaffaCakes118.dll
Size

273KB
MD5

149791a0030c9c8ce139f4d6adc76923
SHA1

e2c749d94eb883bf3b17d4f5adfc7bac39b4d2a9
SHA256

a9458ff11984a8dfcfc2588e5f3aaa975184ff7c991c1464ec4669a3fba0e23e
SHA512

26a50d19f02526d0c87611da25e8d45719da45aa45d213a7b1395562c47c18b415d8d26f2188437b14e822fa6d813407dec0cc39a8106fcf4d5538c510694d84
SSDEEP

6144:KbQ0/qJXmReLTjpuIqF1L8sWokpNvbq/iU3twOe5I0/MlZNPB4hev:sQjJ/TjptLsWokpNvbq/iU3sxMl2hev

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
536	3496	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 3496	3128	rundll32.exe	80
PID 3128 wrote to memory of 3496	3128	rundll32.exe	80
PID 3128 wrote to memory of 3496	3128	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\149791a0030c9c8ce139f4d6adc76923_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\149791a0030c9c8ce139f4d6adc76923_JaffaCakes118.dll,#1
  2⤵
  PID:3496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 544
    3⤵
    - Program crash
    PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3496 -ip 3496
1⤵
PID:3048

memory/3496-0-0x0000000010000000-0x00000000100A6000-memory.dmp

Filesize
664KB

Download