2cf7959f73d907e8b9c9eb27a4da7940ce8fcd79bc582281eac7e624391dc12f

Analysis

max time kernel
13s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 17:58

Target

3a2df6b82d08bfe3a1085607c797fbbb_JaffaCakes118.dll
Size

192KB
MD5

3a2df6b82d08bfe3a1085607c797fbbb
SHA1

41f9239834267519b86246070afe24e2d63a5967
SHA256

2cf7959f73d907e8b9c9eb27a4da7940ce8fcd79bc582281eac7e624391dc12f
SHA512

46fa6be3470d976e9d837a654eefd69223e0efc8169633a66471014ba2030159a22b4cb528cbbe756d9878c634887499bbb47eb772d888fc9b99301fc88e1c54
SSDEEP

3072:L2Y3I+bzJDHMXX32BUzmdET8xqo4Hw5VEgvHIjkXx:LI+bVsnUUz6RV7YkX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
612	708	WerFault.exe	29

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 708	2352	rundll32.exe	29
PID 2352 wrote to memory of 708	2352	rundll32.exe	29
PID 2352 wrote to memory of 708	2352	rundll32.exe	29
PID 2352 wrote to memory of 708	2352	rundll32.exe	29
PID 2352 wrote to memory of 708	2352	rundll32.exe	29
PID 2352 wrote to memory of 708	2352	rundll32.exe	29
PID 2352 wrote to memory of 708	2352	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a2df6b82d08bfe3a1085607c797fbbb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a2df6b82d08bfe3a1085607c797fbbb_JaffaCakes118.dll,#1
  2⤵
  PID:708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 296
    3⤵
    - Program crash
    PID:612