e021aa756ce4f16dbb58b46b5256911b4b5832c3c96f252fec5f6ecc9a22109b

Analysis

max time kernel
136s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 04:59

Target

18dc8b737da36e144fc1db009f4e8b62_JaffaCakes118.dll
Size

97KB
MD5

18dc8b737da36e144fc1db009f4e8b62
SHA1

9fa95f157a5acbf0cb3e88eb0fb4a24eea53696f
SHA256

e021aa756ce4f16dbb58b46b5256911b4b5832c3c96f252fec5f6ecc9a22109b
SHA512

58bd94f616b382f0dc30310518efba798797cda47bcd18ef33a6370563b09657bf7a99cf02cf89e0dda7460f2573e1e0c7ac1fe4ffa15fd27717278433450e87
SSDEEP

3072:ASB5makaxmjmKIKiZ53HqZ84475za/Ec2T9lsUAJBB8gFv:AhZv63Zc84475f9lqxV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1440	4700	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 4700	1740	rundll32.exe	82
PID 1740 wrote to memory of 4700	1740	rundll32.exe	82
PID 1740 wrote to memory of 4700	1740	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18dc8b737da36e144fc1db009f4e8b62_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18dc8b737da36e144fc1db009f4e8b62_JaffaCakes118.dll,#1
  2⤵
  PID:4700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 560
    3⤵
    - Program crash
    PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4700 -ip 4700
1⤵
PID:976