c215c058169f3bf4317edc5c3855aa99275bd19a015bb0103c16a17bc580d23a

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 13:43

Target

1635eac2c6b2f783fb5665899c15cdbd_JaffaCakes118.dll
Size

26KB
MD5

1635eac2c6b2f783fb5665899c15cdbd
SHA1

dd67136380e99e2cdc873c8beb141452b17a73f5
SHA256

c215c058169f3bf4317edc5c3855aa99275bd19a015bb0103c16a17bc580d23a
SHA512

d7cfe8f78014526e1961549106f0f27bc077718f30f30f211aa51b37f088c64b6007a1a92132005fe84939168099d02760050806c354df97c53ddd03dd31b111
SSDEEP

384:kzVEdyPUojgtdn6DrTEn08XqJAqUXYxl4Sl+9q7mWbHJU:Hy8ojgtIsn0QZlKld8iHJU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2840	3048	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 3048	1084	rundll32.exe	28
PID 1084 wrote to memory of 3048	1084	rundll32.exe	28
PID 1084 wrote to memory of 3048	1084	rundll32.exe	28
PID 1084 wrote to memory of 3048	1084	rundll32.exe	28
PID 1084 wrote to memory of 3048	1084	rundll32.exe	28
PID 1084 wrote to memory of 3048	1084	rundll32.exe	28
PID 1084 wrote to memory of 3048	1084	rundll32.exe	28
PID 3048 wrote to memory of 2840	3048	rundll32.exe	29
PID 3048 wrote to memory of 2840	3048	rundll32.exe	29
PID 3048 wrote to memory of 2840	3048	rundll32.exe	29
PID 3048 wrote to memory of 2840	3048	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1635eac2c6b2f783fb5665899c15cdbd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1635eac2c6b2f783fb5665899c15cdbd_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
    3⤵
    - Program crash
    PID:2840