b0de8d3b90e53a9070993f5cc0cd9cdea18ee60483b279e484e04e756c624772

Analysis

max time kernel
14s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 04:01

Target

3bea740cc41f5b7908aed6012f2b2971_JaffaCakes118.dll
Size

14KB
MD5

3bea740cc41f5b7908aed6012f2b2971
SHA1

b5becd90b49aac1e2e564f6831a49370cbe9b7bb
SHA256

b0de8d3b90e53a9070993f5cc0cd9cdea18ee60483b279e484e04e756c624772
SHA512

cfb1a10866eda9ffd1368b12390ecd20417343dbbd2e4b8f3c91b84d6e5794dfa7973fcf3a3a043c046613d40885d2edea4f1181fe85f6b29a49bea7811998ce
SSDEEP

192:cFp/KIgWPwkEIo3UXNBM2UqWsH3UXT4PuBBQ6PRQkOgAIjm8QXt:cFlK0Pq3CBxXUEPuBBQARQkmIjmj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	2736	WerFault.exe	29

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2736	2992	rundll32.exe	29
PID 2992 wrote to memory of 2736	2992	rundll32.exe	29
PID 2992 wrote to memory of 2736	2992	rundll32.exe	29
PID 2992 wrote to memory of 2736	2992	rundll32.exe	29
PID 2992 wrote to memory of 2736	2992	rundll32.exe	29
PID 2992 wrote to memory of 2736	2992	rundll32.exe	29
PID 2992 wrote to memory of 2736	2992	rundll32.exe	29
PID 2736 wrote to memory of 2196	2736	rundll32.exe	30
PID 2736 wrote to memory of 2196	2736	rundll32.exe	30
PID 2736 wrote to memory of 2196	2736	rundll32.exe	30
PID 2736 wrote to memory of 2196	2736	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bea740cc41f5b7908aed6012f2b2971_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bea740cc41f5b7908aed6012f2b2971_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 228
    3⤵
    - Program crash
    PID:2196