90fd0229be940956b60e1b137b9cf12cf4452e11e71ae25dc960319f179d8a87

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 10:22

Target

19c5b69e6f2bb88f8efd5499ba908b68_JaffaCakes118.dll
Size

72KB
MD5

19c5b69e6f2bb88f8efd5499ba908b68
SHA1

e65de20e1371219b82a87999a5ef92a8e715a9f9
SHA256

90fd0229be940956b60e1b137b9cf12cf4452e11e71ae25dc960319f179d8a87
SHA512

36a2a61fc7e32cd674cb21ba3015a762eedab6f988d8a761d0b3ee1182c81c7ce7e31ebc735cb2146d1f7ebb1a81a23eab31d5fb692ac5008ea55ef243abb427
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4924	408	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 408	1116	rundll32.exe	81
PID 1116 wrote to memory of 408	1116	rundll32.exe	81
PID 1116 wrote to memory of 408	1116	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c5b69e6f2bb88f8efd5499ba908b68_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c5b69e6f2bb88f8efd5499ba908b68_JaffaCakes118.dll,#1
  2⤵
  PID:408
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 604
    3⤵
    - Program crash
    PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 408 -ip 408
1⤵
PID:3280