5fb1e68a7808014c0fb705a015b269f18f8ac8060c8c4ba8883ec739fa7a90f6

Analysis

max time kernel
93s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 07:12

Target

29d04e01fa91e495375cd32ef024e7d8_JaffaCakes118.dll
Size

274KB
MD5

29d04e01fa91e495375cd32ef024e7d8
SHA1

cf9073232f36911fb1f8b54f7c45d7ebb41529f2
SHA256

5fb1e68a7808014c0fb705a015b269f18f8ac8060c8c4ba8883ec739fa7a90f6
SHA512

dde5cf5ce41f9ce8771592e5a7054e4ad2e57b39e2afc7157c05b4bcf946c1a1f6ecf11a2bfdc4c7915452a9a177091e813f730cb2ab83bac52e035ae82ee90a
SSDEEP

6144:oI+gt8DaZDjOdaEGPj/m8VvOEPl3TstFY2BPTKO:oI+geaZkaDPjfAA3oF/hTN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	4468	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 4468	2540	rundll32.exe	82
PID 2540 wrote to memory of 4468	2540	rundll32.exe	82
PID 2540 wrote to memory of 4468	2540	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d04e01fa91e495375cd32ef024e7d8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d04e01fa91e495375cd32ef024e7d8_JaffaCakes118.dll,#1
  2⤵
  PID:4468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 548
    3⤵
    - Program crash
    PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4468 -ip 4468
1⤵
PID:784

memory/4468-0-0x0000000010000000-0x00000000100A6000-memory.dmp

Filesize
664KB

Download