ea8a7462c5fb3dd62e228f7f7509863072864d034c6634ea7552d667df2437e5

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 10:26

Target

300174a3dbc6a6edbdceb448732db722_JaffaCakes118.dll
Size

38KB
MD5

300174a3dbc6a6edbdceb448732db722
SHA1

6286b141588f866a54b6060403efc9bacc9f8b00
SHA256

ea8a7462c5fb3dd62e228f7f7509863072864d034c6634ea7552d667df2437e5
SHA512

ff6e1ea5cf2e7c8b7a853d9d511ac8feb3c1f6849a421a6a87b4c274b0905fd5518f26cf8e5921c2c92a2e69f5eea7d7d909eacac4de97d3c24e2bf175babffa
SSDEEP

768:wyIqvQQhXaq+M1jegAUkVkc6d+n88OAFccj5Pc0T:HIqvQmkTUbLd+n87Uz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5080	1512	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 1512	4972	rundll32.exe	83
PID 4972 wrote to memory of 1512	4972	rundll32.exe	83
PID 4972 wrote to memory of 1512	4972	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\300174a3dbc6a6edbdceb448732db722_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\300174a3dbc6a6edbdceb448732db722_JaffaCakes118.dll,#1
  2⤵
  PID:1512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 628
    3⤵
    - Program crash
    PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1512 -ip 1512
1⤵
PID:2408

memory/1512-0-0x0000000000770000-0x000000000077F000-memory.dmp

Filesize
60KB

Download
memory/1512-1-0x0000000000770000-0x000000000077F000-memory.dmp

Filesize
60KB

Download