1467c47dc9ba49f65523d961b94276ea8c58e5f363ca5fa2d5361cce5ae204bb

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 00:03

Target

3f69a019d3c18fccc1fe1554f69d701e_JaffaCakes118.dll
Size

2KB
MD5

3f69a019d3c18fccc1fe1554f69d701e
SHA1

b58938888a2ecfcb3bbca711e5f7856ad0d71f5b
SHA256

1467c47dc9ba49f65523d961b94276ea8c58e5f363ca5fa2d5361cce5ae204bb
SHA512

e7c9e2e04f685bc2cb4d04f8f7769fda630a449747d23958060e50f75bbfb1567c56855b2767a6c8f5fc58051042e3320310f7654c8216f7ea486c9e589a4758

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3660	2184	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 2184	632	rundll32.exe	83
PID 632 wrote to memory of 2184	632	rundll32.exe	83
PID 632 wrote to memory of 2184	632	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f69a019d3c18fccc1fe1554f69d701e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f69a019d3c18fccc1fe1554f69d701e_JaffaCakes118.dll,#1
  2⤵
  PID:2184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 548
    3⤵
    - Program crash
    PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2184 -ip 2184
1⤵
PID:5000

memory/2184-0-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download