ba63e906046edcd74cf868e8b76d70848378d8a7ee1037e7267d1b225f808649

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 14:50

Target

166620bdc10d8aeacbe9d1e2606b9243_JaffaCakes118.dll
Size

15KB
MD5

166620bdc10d8aeacbe9d1e2606b9243
SHA1

e8409ec292760d5510c3057e64045fcd115c8008
SHA256

ba63e906046edcd74cf868e8b76d70848378d8a7ee1037e7267d1b225f808649
SHA512

353a8508058f625cf70ea427078a4c2d62103cc2d99d132a7cb2a91a673691557975d70642024a4b5b7ccfceaf25f2d4251f1a7debcc9523d1eee638bd7e2b58
SSDEEP

192:fFar89Ev2xz69uj1QusBSv+BMzQpiEZhF0ymdniXt+E25bIBgK5+rfpQJm4Y:fFarwEvS9vWLMEish1mQA5bIV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3984	4884	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 4884	2508	rundll32.exe	81
PID 2508 wrote to memory of 4884	2508	rundll32.exe	81
PID 2508 wrote to memory of 4884	2508	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\166620bdc10d8aeacbe9d1e2606b9243_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\166620bdc10d8aeacbe9d1e2606b9243_JaffaCakes118.dll,#1
  2⤵
  PID:4884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 544
    3⤵
    - Program crash
    PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4884 -ip 4884
1⤵
PID:4028