2dfb6fcc200a2de6b6503fcc1ce38a3483c097aa4e473d0f78e72b193fdc4be5

Analysis

max time kernel
93s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 14:40

Target

3dca77522b9d3bc5524880848b16371e_JaffaCakes118.dll
Size

76KB
MD5

3dca77522b9d3bc5524880848b16371e
SHA1

39da8978dba3eb26065cb6884b7bce81c020be4b
SHA256

2dfb6fcc200a2de6b6503fcc1ce38a3483c097aa4e473d0f78e72b193fdc4be5
SHA512

4cfc52b39caef693d6a96482624faf379b5cd61b484526d1f12c187255dbe00fb337b62a5108d29223f823850eaf96a7b96dbe85575ed7105bda409578cd484b
SSDEEP

768:sh2/k4Wh1eUdLmF3rCW2cfQaECAsyS2YNPx5xWNpB/9tNVl:3/wdLmFrJH1AsyS2IIB/Jv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3672	1652	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 1652	4284	rundll32.exe	83
PID 4284 wrote to memory of 1652	4284	rundll32.exe	83
PID 4284 wrote to memory of 1652	4284	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dca77522b9d3bc5524880848b16371e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dca77522b9d3bc5524880848b16371e_JaffaCakes118.dll,#1
  2⤵
  PID:1652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 600
    3⤵
    - Program crash
    PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1652 -ip 1652
1⤵
PID:4196