9225f13fcbd38fc5ce4b0abe5b391021f3c5a47f0cf1b38933761e75c382017d

Analysis

max time kernel
93s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 10:18

Target

2bf4dc33fac215db04c9cfa412e27289_JaffaCakes118.dll
Size

72KB
MD5

2bf4dc33fac215db04c9cfa412e27289
SHA1

c2cf4d0c8f5a39e11eda092dc487d4690406e63d
SHA256

9225f13fcbd38fc5ce4b0abe5b391021f3c5a47f0cf1b38933761e75c382017d
SHA512

755d378dc605286c55e2d84da3fcb490875945fadd5c176df708df58f9c90413f7dbea31fdaebf5351a8d18faa411a3fd70d32d02e245e0895635cf60b8d2b7b
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4860	4880	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 4880	3944	rundll32.exe	82
PID 3944 wrote to memory of 4880	3944	rundll32.exe	82
PID 3944 wrote to memory of 4880	3944	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf4dc33fac215db04c9cfa412e27289_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf4dc33fac215db04c9cfa412e27289_JaffaCakes118.dll,#1
  2⤵
  PID:4880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 600
    3⤵
    - Program crash
    PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4880 -ip 4880
1⤵
PID:1516