d2cec748ff277002601f35394c4a1aed0216fd8ba8fa94be10a4b4f9846248c2

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 13:42

Target

41e96a853eb5aff92eee691aec4b5514_JaffaCakes118.dll
Size

96KB
MD5

41e96a853eb5aff92eee691aec4b5514
SHA1

1b8af99512c39ac6ab94b8477a056c2ce9991137
SHA256

d2cec748ff277002601f35394c4a1aed0216fd8ba8fa94be10a4b4f9846248c2
SHA512

924e6df1bea28c572b9d35e72169c73b6b0ab94eb6a38dd06ba0ca90fd8e71d5e59e02b98f2faf691335a89130e580721ee098a144ed31f08e82fae96a769b49
SSDEEP

768:lVkimNrTgo766xiA7vMF3Dm60zLibLTlxjTWQ11T7iXqi4rlUI3KbhSdId2npTlI:lvexsA4Fr0YjTW1H4xUI6VSdVlHo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2560	2792	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2792	2760	rundll32.exe	31
PID 2760 wrote to memory of 2792	2760	rundll32.exe	31
PID 2760 wrote to memory of 2792	2760	rundll32.exe	31
PID 2760 wrote to memory of 2792	2760	rundll32.exe	31
PID 2760 wrote to memory of 2792	2760	rundll32.exe	31
PID 2760 wrote to memory of 2792	2760	rundll32.exe	31
PID 2760 wrote to memory of 2792	2760	rundll32.exe	31
PID 2792 wrote to memory of 2560	2792	rundll32.exe	32
PID 2792 wrote to memory of 2560	2792	rundll32.exe	32
PID 2792 wrote to memory of 2560	2792	rundll32.exe	32
PID 2792 wrote to memory of 2560	2792	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e96a853eb5aff92eee691aec4b5514_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e96a853eb5aff92eee691aec4b5514_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 292
    3⤵
    - Program crash
    PID:2560