1315979bc1af6c83b188445f4298016a61116ff50415e3bb96442d602676a49f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 09:27

Target

2fd11478a1f517e383d99af32188e416_JaffaCakes118.dll
Size

92KB
MD5

2fd11478a1f517e383d99af32188e416
SHA1

bc9708cc458aff8fc4a70e4b6fbbf3eba0312435
SHA256

1315979bc1af6c83b188445f4298016a61116ff50415e3bb96442d602676a49f
SHA512

8859e96db1993f58520aa2fac2bdbe0c0428699b69d822d06b0734f5ab313cea58a1935b82e2ceaa73f1f3e37cf5ab859915707b743e9fd76ca4c1b2322e87ee
SSDEEP

1536:9bDo1k2xHU1xDtretA8kwfyHZp5Dz/SP/DD:9Pox0evaHZp5D+3P

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	3036	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3036	3024	rundll32.exe	31
PID 3024 wrote to memory of 3036	3024	rundll32.exe	31
PID 3024 wrote to memory of 3036	3024	rundll32.exe	31
PID 3024 wrote to memory of 3036	3024	rundll32.exe	31
PID 3024 wrote to memory of 3036	3024	rundll32.exe	31
PID 3024 wrote to memory of 3036	3024	rundll32.exe	31
PID 3024 wrote to memory of 3036	3024	rundll32.exe	31
PID 3036 wrote to memory of 2372	3036	rundll32.exe	32
PID 3036 wrote to memory of 2372	3036	rundll32.exe	32
PID 3036 wrote to memory of 2372	3036	rundll32.exe	32
PID 3036 wrote to memory of 2372	3036	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fd11478a1f517e383d99af32188e416_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fd11478a1f517e383d99af32188e416_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 232
    3⤵
    - Program crash
    PID:2372