887597013d52ace44279302ac389dbb893b3fd88e7ba3c51e72c694f92b61ca6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 17:01

Target

3e28992fe9a2f6e32a2749488b0be2ce_JaffaCakes118.dll
Size

35KB
MD5

3e28992fe9a2f6e32a2749488b0be2ce
SHA1

c80187447a228aaf2240fbcfd455cb7df03cc48b
SHA256

887597013d52ace44279302ac389dbb893b3fd88e7ba3c51e72c694f92b61ca6
SHA512

67083f02b8c8c52cace93746601bcdfcad5e3a9d61689a4093282e6c0203085cb147f03982a6c9ed72151ed3df081e65e617fea47c0b2affb5e3ddb18c099636
SSDEEP

768:XyIqvQQgyk+F3jhJXX01FJIePjUp/593v9llbqssglCjj5aT0:iIqvQmkeOJ5Uh1zxoN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4556	1448	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 1448	3168	rundll32.exe	83
PID 3168 wrote to memory of 1448	3168	rundll32.exe	83
PID 3168 wrote to memory of 1448	3168	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e28992fe9a2f6e32a2749488b0be2ce_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e28992fe9a2f6e32a2749488b0be2ce_JaffaCakes118.dll,#1
  2⤵
  PID:1448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 664
    3⤵
    - Program crash
    PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1448 -ip 1448
1⤵
PID:3012

memory/1448-0-0x00000000006E0000-0x00000000006EF000-memory.dmp

Filesize
60KB

Download
memory/1448-1-0x00000000006E0000-0x00000000006EF000-memory.dmp

Filesize
60KB

Download