fd9e78539c7ee241229fa2c7a8d5e3b89e6fd83a2f6668e50cabc05497165c4c

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 09:51

Target

281d90ad19ad5c3ab1e4ebc14ddfcb30_JaffaCakes118.dll
Size

204KB
MD5

281d90ad19ad5c3ab1e4ebc14ddfcb30
SHA1

a3229737f8373846e9b85162fe32d9c78977892e
SHA256

fd9e78539c7ee241229fa2c7a8d5e3b89e6fd83a2f6668e50cabc05497165c4c
SHA512

f63e45b9c47399ec0e461dbc3bacbde43651e0e48c59b16176c0970e3234be9ed9c2e2ab16ec996d1e74e84737f04584879c03f74a8e05893907da6a082828da
SSDEEP

3072:mMkZXb9Bj7OWLYNdyDIGjv8T68JuEb2753qTGP1Ssc7RoPmH0qHpcO5VSfjMvMsr:86Mu6uk3ExEsZ5L

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4220	860	WerFault.exe	82
5092	860	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 860	544	rundll32.exe	82
PID 544 wrote to memory of 860	544	rundll32.exe	82
PID 544 wrote to memory of 860	544	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\281d90ad19ad5c3ab1e4ebc14ddfcb30_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\281d90ad19ad5c3ab1e4ebc14ddfcb30_JaffaCakes118.dll,#1
  2⤵
  PID:860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 592
    3⤵
    - Program crash
    PID:4220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 804
    3⤵
    - Program crash
    PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 860 -ip 860
1⤵
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 860 -ip 860
1⤵
PID:3280