41a4e4862e5636042a6e95fb3c6c2d9772716b005f979d7694481de13c80ecc0

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 12:16

Target

34ae0023a7efcf3be235b26fa0775423_JaffaCakes118.dll
Size

462KB
MD5

34ae0023a7efcf3be235b26fa0775423
SHA1

6f26306bfcdc31df8b45ee3b13966bc4956909e5
SHA256

41a4e4862e5636042a6e95fb3c6c2d9772716b005f979d7694481de13c80ecc0
SHA512

fb9eba57b769d90465cd31a360ce6abb187b39104fff6033bb258328ead52164e2ee5c050efa43d459edde40b89c1dba7b98715a4c821548c18dfb5985f0d7da
SSDEEP

12288:ZUOKyT1i25izu65IgkqBLI2EaBFv0k0hEdf:ZffT1SzjIgpL7vv0k0G

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4844	2604	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 2604	3520	rundll32.exe	82
PID 3520 wrote to memory of 2604	3520	rundll32.exe	82
PID 3520 wrote to memory of 2604	3520	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34ae0023a7efcf3be235b26fa0775423_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34ae0023a7efcf3be235b26fa0775423_JaffaCakes118.dll,#1
  2⤵
  PID:2604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 548
    3⤵
    - Program crash
    PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2604 -ip 2604
1⤵
PID:2940