87956751b6a9b2a754bdf3175bf69adf7df5003b21f1bf1c30d0d815c3ecbd04

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 16:46

Target

2d14dcf8cc825b6b903413ea7aada8f9_JaffaCakes118.dll
Size

12KB
MD5

2d14dcf8cc825b6b903413ea7aada8f9
SHA1

5652748b19fa4cf52a1746262e2514358e2e57db
SHA256

87956751b6a9b2a754bdf3175bf69adf7df5003b21f1bf1c30d0d815c3ecbd04
SHA512

19aad5689518f2f061f9c72be127a509d9432ba7392c986575ed449f7dfca17fd3d63d1b42266922f462f9cc7ee9bddea7d725e744839ed0e00cde01eb771d22
SSDEEP

192:NDOt73gLte01Yxx0R8fBaRbGFnBO1novHtVqI670fvX+2aOdp:skY01YnA8fBsynBO1nsD4wmwn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2052	5104	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 5104	3568	rundll32.exe	82
PID 3568 wrote to memory of 5104	3568	rundll32.exe	82
PID 3568 wrote to memory of 5104	3568	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d14dcf8cc825b6b903413ea7aada8f9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d14dcf8cc825b6b903413ea7aada8f9_JaffaCakes118.dll,#1
  2⤵
  PID:5104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 544
    3⤵
    - Program crash
    PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5104 -ip 5104
1⤵
PID:1536