c8e613ecd7b4783ea535f669d173a0306ba35b20de0f93e65015995feba43b6b

Analysis

max time kernel
93s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 10:17

Target

38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll
Size

155KB
MD5

38b68790bb25bb424b805ffed610ee9c
SHA1

bed4b19f11c8b46d3098cf63b5159eac7b3ce428
SHA256

c8e613ecd7b4783ea535f669d173a0306ba35b20de0f93e65015995feba43b6b
SHA512

f86d549f12580641c8888cc05f1355ce6b305299864cc865dbd066b4649299ca9cb396471a2027e1a2bc9e9725adc8fdb2882b02e8536f88c67e9eaba892b838
SSDEEP

3072:QG2nb11GVTOeP5xh+ppanECyJRPjE/AYNHjE+ceo7Tho6nXZ:QTn/GVbP5xcppnPQndjEl9ThTp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3232	2868	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 2868	3852	rundll32.exe	85
PID 3852 wrote to memory of 2868	3852	rundll32.exe	85
PID 3852 wrote to memory of 2868	3852	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll,#1
  2⤵
  PID:2868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 612
    3⤵
    - Program crash
    PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2868 -ip 2868
1⤵
PID:4116