74ad5c06560a71faa2af226c95468480845a04af8dd1bde6cefb641cfde72ae0

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 14:09

Target

39732f89c537c930a7473cdd3139f451_JaffaCakes118.dll
Size

71KB
MD5

39732f89c537c930a7473cdd3139f451
SHA1

e4cb3bb0036511bc28c9626e692d498498da1b01
SHA256

74ad5c06560a71faa2af226c95468480845a04af8dd1bde6cefb641cfde72ae0
SHA512

267af967385dbedd80f67b472bed2a53348ee894424d4576ad4cf90bee4e73d2cf192c66d66ef3f495d98d39bb04d338a1a264cce0fe7368ff180f463eaae8ed
SSDEEP

1536:n+ukDMfPy3Pzm46jqD2lJfcJ2enJI9BC/z4toaf1000:+uiv3s+2gMeO9k/zcf1n0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	812	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 812	4912	rundll32.exe	83
PID 4912 wrote to memory of 812	4912	rundll32.exe	83
PID 4912 wrote to memory of 812	4912	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39732f89c537c930a7473cdd3139f451_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39732f89c537c930a7473cdd3139f451_JaffaCakes118.dll,#1
  2⤵
  PID:812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 560
    3⤵
    - Program crash
    PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 812 -ip 812
1⤵
PID:412

memory/812-0-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download