4fa1cc8ffbdeb0e3437b971e04d296b508ccac478abbf65980b854e093c5b6a2

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 23:04

Target

29873857842c500241b69bc371f23067_JaffaCakes118.dll
Size

44KB
MD5

29873857842c500241b69bc371f23067
SHA1

7f6db4b573708f7871a16172cd57f78002abff20
SHA256

4fa1cc8ffbdeb0e3437b971e04d296b508ccac478abbf65980b854e093c5b6a2
SHA512

6f148709fa87371d353b70cbe24d94482d7ef57f84049294fc721f7c78d7e6462fc125115fa831696f497a7eb505a5a7bd2135203a886befb13811edf54f2e0b
SSDEEP

768:Xtdp79H1SFDE0dRx/pjwDQvg8Q+w63KDrYRwNpvA:d39VyE0njQTBe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2920	1220	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1220	1572	rundll32.exe	82
PID 1572 wrote to memory of 1220	1572	rundll32.exe	82
PID 1572 wrote to memory of 1220	1572	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29873857842c500241b69bc371f23067_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29873857842c500241b69bc371f23067_JaffaCakes118.dll,#1
  2⤵
  PID:1220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 628
    3⤵
    - Program crash
    PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1220 -ip 1220
1⤵
PID:4456