92b7b6d98b8ecb7f5195fc3d4737ee48cc34ffb31fcbb19f52116ae68ee6ac17

Analysis

max time kernel
95s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 08:13

Target

33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll
Size

103KB
MD5

33edccca90f927300d0b75b0cdab45ed
SHA1

bb4bfbe2d9331c279324074fbc4fa7c4ce735c59
SHA256

92b7b6d98b8ecb7f5195fc3d4737ee48cc34ffb31fcbb19f52116ae68ee6ac17
SHA512

847ee3d5d84370c9e8f131becc6f5e6f65dc6ceb096fdfb189e305a2d295549f7060dafe61e735d5e6b5705152c7c3a5520a4b30ebb76e5a24524f204131f2a0
SSDEEP

1536:rPjXQ3xawGfOcnJxn89Iz4BjucXrK4pZ5:7jmIwFWJx8K0BvpZ5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3568	2836	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2836	5040	rundll32.exe	82
PID 5040 wrote to memory of 2836	5040	rundll32.exe	82
PID 5040 wrote to memory of 2836	5040	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll,#1
  2⤵
  PID:2836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 560
    3⤵
    - Program crash
    PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2836 -ip 2836
1⤵
PID:2936

memory/2836-0-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download