1ac78ccf1ed6d87a1ed3640e60f6cdd69f10654c64f70570637e9227175b073f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 01:01 UTC

Target

32b416f3e7e0439190cce09408aa5582_JaffaCakes118.dll
Size

37KB
MD5

32b416f3e7e0439190cce09408aa5582
SHA1

2a97d5add15c236b61eda5f1f175717dc6e869c5
SHA256

1ac78ccf1ed6d87a1ed3640e60f6cdd69f10654c64f70570637e9227175b073f
SHA512

5ff5f7ad85e19b551bbb91b9f6e58848c21c710e6c60b8dfdbc8f79dbe3a702449bed9523946eb9fa216931f6fce98599d80fcba4190aa1124ab3b17fa222267
SSDEEP

768:OBvUOstEuG5UcO+k93pxT28LSSHZkbhxNeDQDSkKXG6gPoBZr:OBvUOv3AxT2gGPNeMDSVXgPoBZr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	2104	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2104	1976	rundll32.exe	30
PID 1976 wrote to memory of 2104	1976	rundll32.exe	30
PID 1976 wrote to memory of 2104	1976	rundll32.exe	30
PID 1976 wrote to memory of 2104	1976	rundll32.exe	30
PID 1976 wrote to memory of 2104	1976	rundll32.exe	30
PID 1976 wrote to memory of 2104	1976	rundll32.exe	30
PID 1976 wrote to memory of 2104	1976	rundll32.exe	30
PID 2104 wrote to memory of 1988	2104	rundll32.exe	31
PID 2104 wrote to memory of 1988	2104	rundll32.exe	31
PID 2104 wrote to memory of 1988	2104	rundll32.exe	31
PID 2104 wrote to memory of 1988	2104	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32b416f3e7e0439190cce09408aa5582_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32b416f3e7e0439190cce09408aa5582_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 260
    3⤵
    - Program crash
    PID:1988