586d50124811b40e266e9882038308f593dfabe9214e35f4104177df8bbd6a87

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 04:10

Target

2108bd1c4860f25cb40a62f9f6e9f630_JaffaCakes118.dll
Size

1.1MB
MD5

2108bd1c4860f25cb40a62f9f6e9f630
SHA1

73462f78fb0e58f0868d4b6abd536e91bf383d90
SHA256

586d50124811b40e266e9882038308f593dfabe9214e35f4104177df8bbd6a87
SHA512

b662f4d5066822fa05b1461eca426aea2e62e70876db95ae34f442771bbbc0ef1129921740e1ada250337460df55b7dbfcd631ee4826dbaab4a697cf484d254f
SSDEEP

12288:KpHPdBG1Oefx1hHBH8W6buiwblDNhVvV5bKrCyuaXpH7I5rG+Ltg8:KFdBrefxtpGui4lD7ZV5+7AtLt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
684	2604	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 2604	4872	rundll32.exe	81
PID 4872 wrote to memory of 2604	4872	rundll32.exe	81
PID 4872 wrote to memory of 2604	4872	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2108bd1c4860f25cb40a62f9f6e9f630_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2108bd1c4860f25cb40a62f9f6e9f630_JaffaCakes118.dll,#1
  2⤵
  PID:2604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 676
    3⤵
    - Program crash
    PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2604 -ip 2604
1⤵
PID:1904

memory/2604-0-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download