108ca2057c3842af99c4b5af04a5bba8fe5a579d2a95343308ddb1842a4b02a0

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 22:21

Target

3af056dbfdc7668299c8f2ce27bacebb_JaffaCakes118.dll
Size

352KB
MD5

3af056dbfdc7668299c8f2ce27bacebb
SHA1

bff13dc1ceff81b1b291efde2ae5c335319d1a2f
SHA256

108ca2057c3842af99c4b5af04a5bba8fe5a579d2a95343308ddb1842a4b02a0
SHA512

1e0ca401707d1f5917400953af6e6480e2714b095c2218485662c54bfb7ca8b504639a06e389e55bbe21bc421741b82c17bd2b5fe2e6c3005ee5a42dcbaf7d62
SSDEEP

6144:gAg27ufmm2cQcIlQ/xwbAI+b40IzJJW67QD4wHwItze6+ApcpNQOt3UUf:K2cQ7UkT+9I/nk4swIJ+mANht3J

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4624	3020	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 3020	1448	rundll32.exe	82
PID 1448 wrote to memory of 3020	1448	rundll32.exe	82
PID 1448 wrote to memory of 3020	1448	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3af056dbfdc7668299c8f2ce27bacebb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3af056dbfdc7668299c8f2ce27bacebb_JaffaCakes118.dll,#1
  2⤵
  PID:3020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 616
    3⤵
    - Program crash
    PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3020 -ip 3020
1⤵
PID:3324

memory/3020-0-0x0000000010000000-0x0000000010058000-memory.dmp

Filesize
352KB

Download
memory/3020-1-0x0000000010000000-0x0000000010058000-memory.dmp

Filesize
352KB

Download