9547d3131477b7ae8825f4368fe5822fea6c1d30bee79179d00c03af9ed701ef

Analysis

max time kernel
79s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 12:19

Target

1a172b3799540b4f655fd87e6fca41a7_JaffaCakes118.dll
Size

237KB
MD5

1a172b3799540b4f655fd87e6fca41a7
SHA1

df23ee211a943e0e8f988a5fce95bb6b50c8be80
SHA256

9547d3131477b7ae8825f4368fe5822fea6c1d30bee79179d00c03af9ed701ef
SHA512

8ed107f96d03cf002d260e114dd04f02eacc17328b30fef6759d7347fdd7a3e9d635cf5b911cc2607721f195d7a5f9cca10656c930a5667f79ccc633ddde5860
SSDEEP

6144:/G4+Arftn6JQqE2FaxVJYJ9828VQozFtYjH:n33YJ9PQQJj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1076	3244	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 3244	1328	rundll32.exe	80
PID 1328 wrote to memory of 3244	1328	rundll32.exe	80
PID 1328 wrote to memory of 3244	1328	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a172b3799540b4f655fd87e6fca41a7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a172b3799540b4f655fd87e6fca41a7_JaffaCakes118.dll,#1
  2⤵
  PID:3244
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 580
    3⤵
    - Program crash
    PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3244 -ip 3244
1⤵
PID:740