81494272257ca0d4f2de88c9c353cf100ab6cfef58c2da49f320fb56911b75e4

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 20:54

Target

2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll
Size

33KB
MD5

2dc3859f407240ba0488e7b8fa82c90e
SHA1

825712142367660405771584232538c1c88680d4
SHA256

81494272257ca0d4f2de88c9c353cf100ab6cfef58c2da49f320fb56911b75e4
SHA512

820b8e4fc0d04b0a1f7eb363eb6920dd5586d49b7289d3e82402530fb8a7f863445fc901423cf349e77a5a4ebdfec96cd14610a307e4f87977a0e9bf9782f5fb
SSDEEP

384:pI4xxXNWM07WEnX4kDGDykI9K3xL9pL7ysp8DDzdy3u37upF+L6DdQRkkyk0RRa1:ZjEZwy1+Pv1pWDhy67uTlDdQWtMY4M2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3600	2856	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3656 wrote to memory of 2856	3656	rundll32.exe	82
PID 3656 wrote to memory of 2856	3656	rundll32.exe	82
PID 3656 wrote to memory of 2856	3656	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll,#1
  2⤵
  PID:2856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 580
    3⤵
    - Program crash
    PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2856 -ip 2856
1⤵
PID:5084

memory/2856-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download