7ed173c95fb23634a51ee089ce3ef719134dc5110a38585163968e19886d3ee5

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 10:37

Target

15adbb916f32ea68bb00488f65c0b443_JaffaCakes118.dll
Size

62KB
MD5

15adbb916f32ea68bb00488f65c0b443
SHA1

98f5a3cdcbcb769773b2a7e1e3fba585e0287715
SHA256

7ed173c95fb23634a51ee089ce3ef719134dc5110a38585163968e19886d3ee5
SHA512

5b1b6bff60e7627c454e6dbbbfb45886fc8367b0f651ebaccabbf060a4d3b13c97794b04a8fc61e4bd3efecb06c9064f2b8dd9a7561594eea7c33f14d7251739
SSDEEP

1536:LmnHvSJXQPhIA0DY5q/WT/uWBjTBrTH75tQszj:Lm6J42A0DhWTGWBB4sf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3936	3528	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 3528	1924	rundll32.exe	81
PID 1924 wrote to memory of 3528	1924	rundll32.exe	81
PID 1924 wrote to memory of 3528	1924	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15adbb916f32ea68bb00488f65c0b443_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15adbb916f32ea68bb00488f65c0b443_JaffaCakes118.dll,#1
  2⤵
  PID:3528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 656
    3⤵
    - Program crash
    PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3528 -ip 3528
1⤵
PID:3368

memory/3528-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download