365da4c9c1181ea87debfb949d52876ceb3aa6fce620f28f76f81fa8a3c4ef04

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 07:00

Target

2f64b9c02098d0587a6dde2406fa3c81_JaffaCakes118.dll
Size

254KB
MD5

2f64b9c02098d0587a6dde2406fa3c81
SHA1

5383f38db01c1744cf2e894e9d335843502bc924
SHA256

365da4c9c1181ea87debfb949d52876ceb3aa6fce620f28f76f81fa8a3c4ef04
SHA512

7b4ff9f020535cc5f2a8ffd283bc52b890c4e7539b3fa751549f08c30a03abb09da9bbcc042270d4e6e68416fba66b09ac05fecc5d6756028908325427737a79
SSDEEP

6144:BxGwQk1gBeHds3Vwus+eAKJozDR6u3+m:2wQk1gZKJYx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4756	4968	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 4968	856	rundll32.exe	82
PID 856 wrote to memory of 4968	856	rundll32.exe	82
PID 856 wrote to memory of 4968	856	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f64b9c02098d0587a6dde2406fa3c81_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f64b9c02098d0587a6dde2406fa3c81_JaffaCakes118.dll,#1
  2⤵
  PID:4968
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 816
    3⤵
    - Program crash
    PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4968 -ip 4968
1⤵
PID:1500