7dc3effabc4dc722b2839cef4c8d86f9dae6679e4403c0861e4aa228280dd450

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 14:10

Target

3db1cef7d0b8ba2dce186a960efe5b39_JaffaCakes118.dll
Size

9KB
MD5

3db1cef7d0b8ba2dce186a960efe5b39
SHA1

0b5d41c892c3519f5af0516ba4b2bd07e1d763ca
SHA256

7dc3effabc4dc722b2839cef4c8d86f9dae6679e4403c0861e4aa228280dd450
SHA512

e147b3c846ba6bc9a566f2770651c810b89b92cda3f40d35fd3db42ca82086ca436f480eb73a6c217d9ff838759570c99cff5db3bfa3412876534e61d1b25b71
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34b:kuwEt8rsTUtPLzKNWSYWF4b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3692	2012	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 2012	1580	rundll32.exe	85
PID 1580 wrote to memory of 2012	1580	rundll32.exe	85
PID 1580 wrote to memory of 2012	1580	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3db1cef7d0b8ba2dce186a960efe5b39_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3db1cef7d0b8ba2dce186a960efe5b39_JaffaCakes118.dll,#1
  2⤵
  PID:2012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 624
    3⤵
    - Program crash
    PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2012 -ip 2012
1⤵
PID:1124

memory/2012-0-0x00000000005D0000-0x00000000005D7000-memory.dmp

Filesize
28KB

Download
memory/2012-1-0x00000000005D0000-0x00000000005D7000-memory.dmp

Filesize
28KB

Download