6e913ce9fb03d7fb9c7a6605439a8921c48dec281f598fea05d734c197ce0507

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 09:22

Target

1ac04aecbfe44b5f89126000fd7ee987_JaffaCakes118.dll
Size

14KB
MD5

1ac04aecbfe44b5f89126000fd7ee987
SHA1

3a45cea343a978cb5e9a2ffbd02f3244265584d4
SHA256

6e913ce9fb03d7fb9c7a6605439a8921c48dec281f598fea05d734c197ce0507
SHA512

8fa89ec760d69a587e6147e8663c0a57c8d0de974e5aeb441365839e09b30459f7bc4fa92ffa51ecfb79fbd9ac4add784dd74927bf181023fbed449da5b1d9e2
SSDEEP

384:Fglgn1ID4a7RfuBqwIfd0SKFEcszoiNyRGM:FOgniD4a1mBqww0ha+s

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3996	4400	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 4400	2664	rundll32.exe	82
PID 2664 wrote to memory of 4400	2664	rundll32.exe	82
PID 2664 wrote to memory of 4400	2664	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ac04aecbfe44b5f89126000fd7ee987_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ac04aecbfe44b5f89126000fd7ee987_JaffaCakes118.dll,#1
  2⤵
  PID:4400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 548
    3⤵
    - Program crash
    PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4400 -ip 4400
1⤵
PID:4520

memory/4400-1-0x0000000000B9E000-0x0000000000B9F000-memory.dmp

Filesize
4KB

Download
memory/4400-0-0x0000000000B90000-0x0000000000BA0000-memory.dmp

Filesize
64KB

Download