575a286a2ca476803b7f09395fa106645bcd29de4071c763396915c4e16f58b7

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 14:29

Target

351d15cd66c20a76a3f2fe6c6fdc67d2_JaffaCakes118.dll
Size

9KB
MD5

351d15cd66c20a76a3f2fe6c6fdc67d2
SHA1

79cf1a724735b53fb34b80af3bdf43510bf466b5
SHA256

575a286a2ca476803b7f09395fa106645bcd29de4071c763396915c4e16f58b7
SHA512

6c59560291ff9cd039f33844c71d4169a6e08a4573e6ea970cef16ae9ae229b9fc85cc2319e30d518fc09e3a4a061b28888780c87fec1a6ae19b065c3226b5e6
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34b:kuwEt8rsTUtPLzKNWSYWF4b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2060	708	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 708	4848	rundll32.exe	83
PID 4848 wrote to memory of 708	4848	rundll32.exe	83
PID 4848 wrote to memory of 708	4848	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\351d15cd66c20a76a3f2fe6c6fdc67d2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\351d15cd66c20a76a3f2fe6c6fdc67d2_JaffaCakes118.dll,#1
  2⤵
  PID:708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 624
    3⤵
    - Program crash
    PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 708 -ip 708
1⤵
PID:4184

memory/708-0-0x0000000000CA0000-0x0000000000CA7000-memory.dmp

Filesize
28KB

Download
memory/708-1-0x0000000000CA0000-0x0000000000CA7000-memory.dmp

Filesize
28KB

Download