3fb57a8106f88bdb229ee6a631fda559fa68ad9583b015df4f7b9264b2779862

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 09:23

Target

388d3321948d6045643ef120c18e4f4a_JaffaCakes118.dll
Size

268KB
MD5

388d3321948d6045643ef120c18e4f4a
SHA1

c9cf7a2e0368f604e8fb93b27cac6b9a3e6a833a
SHA256

3fb57a8106f88bdb229ee6a631fda559fa68ad9583b015df4f7b9264b2779862
SHA512

90850b8cb06b5bde97a293b1f8ea86473291b10c32080a3addb4aa67527e597a4378fa3fa1b58a90f52a80b0af82b7d75e8b194142738dd6c02013ca50ff4ca7
SSDEEP

6144:Ekd9CGvei1leiNKxuSzga8IvLJatCf0ZowHDuQMJopHJw1BD7:EwFv1/KcLyItC8ZowHNJpp4D7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	2476	WerFault.exe	31

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2476	rundll32.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2476	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2476	2984	rundll32.exe	31
PID 2984 wrote to memory of 2476	2984	rundll32.exe	31
PID 2984 wrote to memory of 2476	2984	rundll32.exe	31
PID 2984 wrote to memory of 2476	2984	rundll32.exe	31
PID 2984 wrote to memory of 2476	2984	rundll32.exe	31
PID 2984 wrote to memory of 2476	2984	rundll32.exe	31
PID 2984 wrote to memory of 2476	2984	rundll32.exe	31
PID 2476 wrote to memory of 2016	2476	rundll32.exe	32
PID 2476 wrote to memory of 2016	2476	rundll32.exe	32
PID 2476 wrote to memory of 2016	2476	rundll32.exe	32
PID 2476 wrote to memory of 2016	2476	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\388d3321948d6045643ef120c18e4f4a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\388d3321948d6045643ef120c18e4f4a_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 244
    3⤵
    - Program crash
    PID:2016

memory/2476-0-0x0000000013140000-0x000000001322F000-memory.dmp

Filesize
956KB

Download
memory/2476-1-0x0000000013140000-0x000000001322F000-memory.dmp

Filesize
956KB

Download
memory/2476-3-0x0000000013140000-0x000000001322F000-memory.dmp

Filesize
956KB

Download
memory/2476-2-0x00000000131E9000-0x00000000131EA000-memory.dmp

Filesize
4KB

Download
memory/2476-4-0x0000000013140000-0x000000001322F000-memory.dmp

Filesize
956KB

Download
memory/2476-5-0x0000000013140000-0x000000001322F000-memory.dmp

Filesize
956KB

Download
memory/2476-6-0x00000000131E9000-0x00000000131EA000-memory.dmp

Filesize
4KB

Download