2abe19a300da3edf5a61c8e30064e78d3f06cc5ad897eedbf7c4685386734128

Analysis

max time kernel
94s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 18:38

Target

318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll
Size

73KB
MD5

318448cd3fd73c7baa79cbbaace76d51
SHA1

137a6dbe59091598d1717fcd708287c9009c3773
SHA256

2abe19a300da3edf5a61c8e30064e78d3f06cc5ad897eedbf7c4685386734128
SHA512

d18d7b8041b05f67580b960658d4b9f17318a36b0f6d2b1b89326e1d889492c0c2ed516bedf41e8481e56d5bcf491dfded6e16915d312b1f496aa162ac0af26f
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
756	1668	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 1668	2856	rundll32.exe	81
PID 2856 wrote to memory of 1668	2856	rundll32.exe	81
PID 2856 wrote to memory of 1668	2856	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll,#1
  2⤵
  PID:1668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 600
    3⤵
    - Program crash
    PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1668 -ip 1668
1⤵
PID:1752