1beb6f13db0102626637247c9e597ac8fb9ab78d2102b3528cf86816cd0a60db

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 22:42

Target

2e165a94a4193dfc95a577d3f6f3ea58_JaffaCakes118.dll
Size

112KB
MD5

2e165a94a4193dfc95a577d3f6f3ea58
SHA1

424f2a431ea1b2163e39cc5d48a8b6bfcdde693f
SHA256

1beb6f13db0102626637247c9e597ac8fb9ab78d2102b3528cf86816cd0a60db
SHA512

ba43d64471c1fcceae05d69db4c41eb4159fee31cdbbbd9a05a0384d2cadd36612f431e85f18d7c4cf3adb9b9a3fa0aa2e0269e15ae699ecaa1c8b8bb559a8b4
SSDEEP

1536:rfinc95DAucIP4+xnbAEIPO3e/Kat6LLtKqQq7j3cFoCnljtARHkUjy:zBLYIAVPie/Kat6FKqQqXsFoatAtk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1184	1996	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1996	1944	rundll32.exe	82
PID 1944 wrote to memory of 1996	1944	rundll32.exe	82
PID 1944 wrote to memory of 1996	1944	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e165a94a4193dfc95a577d3f6f3ea58_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e165a94a4193dfc95a577d3f6f3ea58_JaffaCakes118.dll,#1
  2⤵
  PID:1996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 600
    3⤵
    - Program crash
    PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1996 -ip 1996
1⤵
PID:3388

memory/1996-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download