21c855bc185f8ab48ec8f633b02f2e3fdc337c7c8dd45d55694e98adacb2d6a3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 18:38

Target

17162da33b46558191bf10414b9bb6e8_JaffaCakes118.dll
Size

278KB
MD5

17162da33b46558191bf10414b9bb6e8
SHA1

c8a077177a171ae3d28e61547aeb825e9e22cc13
SHA256

21c855bc185f8ab48ec8f633b02f2e3fdc337c7c8dd45d55694e98adacb2d6a3
SHA512

31d6c00934bb87028c92a6f4f9f5710b8c2364c235b5fff0529b28897ff05d43167934da120f9cc54375b9c17fc4fbc3e84daf041c58b2f161a33413c75c4740
SSDEEP

3072:sc3MVWRInKONJpbcOyALzClMTnP4BP8BdIe8SeQsajimML/:s5VW+nK2DbcOyuzCCTA8np8SeQsajims

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
888	4540	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 4540	116	rundll32.exe	84
PID 116 wrote to memory of 4540	116	rundll32.exe	84
PID 116 wrote to memory of 4540	116	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17162da33b46558191bf10414b9bb6e8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17162da33b46558191bf10414b9bb6e8_JaffaCakes118.dll,#1
  2⤵
  PID:4540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 572
    3⤵
    - Program crash
    PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4540 -ip 4540
1⤵
PID:1336