7baf740501165f59f19d668eb9352664149f586d133eab5b7c1f6bab9500aad8

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 14:57

Target

2cc68ee3b9d502b1c79d1db70337ba6d_JaffaCakes118.dll
Size

60KB
MD5

2cc68ee3b9d502b1c79d1db70337ba6d
SHA1

1c9bd8c966b17d6652103c4073a83a33b19c4459
SHA256

7baf740501165f59f19d668eb9352664149f586d133eab5b7c1f6bab9500aad8
SHA512

ef8216472f3053b3df6fcc50c1a7b8a3ea550e785c86838ab1e8d2a6d8f02b781dafef5e907a7659183eff874109ccf4bfa80159338546746138eb88d28e5d58
SSDEEP

768:lloactgPv75DygFf7jGYrZaaOScRmcnuWSD6+/WPTymdYHCttt7kGk:liacEv71zDjnh9FDDteP0it7Y

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2360	2652	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2652	2476	rundll32.exe	31
PID 2476 wrote to memory of 2652	2476	rundll32.exe	31
PID 2476 wrote to memory of 2652	2476	rundll32.exe	31
PID 2476 wrote to memory of 2652	2476	rundll32.exe	31
PID 2476 wrote to memory of 2652	2476	rundll32.exe	31
PID 2476 wrote to memory of 2652	2476	rundll32.exe	31
PID 2476 wrote to memory of 2652	2476	rundll32.exe	31
PID 2652 wrote to memory of 2360	2652	rundll32.exe	32
PID 2652 wrote to memory of 2360	2652	rundll32.exe	32
PID 2652 wrote to memory of 2360	2652	rundll32.exe	32
PID 2652 wrote to memory of 2360	2652	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc68ee3b9d502b1c79d1db70337ba6d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc68ee3b9d502b1c79d1db70337ba6d_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 224
    3⤵
    - Program crash
    PID:2360