93944f484d1f68b5814a66554d3a64dfc36e2762ade299867c2d3ca604b5c55d

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 16:17

Target

426c51860dffdf39f1a9451ee7c2b676_JaffaCakes118.dll
Size

218KB
MD5

426c51860dffdf39f1a9451ee7c2b676
SHA1

b5d63fce31a924368fadf33aafb85b2c7eeb828a
SHA256

93944f484d1f68b5814a66554d3a64dfc36e2762ade299867c2d3ca604b5c55d
SHA512

bfbe458fa162736dcfd624bf9d7afd7fa34c4bff3af4c40f8bf0ead190b7e332cd2c62b6e8bedf61d296fc33e31550d57c8ea9631ca383b4362c45f1eb2dcdb2
SSDEEP

6144:uNuqW5uj9F0exP8vNyPenbVcxnKoyVZ9mgoaj+aSEB:uwe0ex8VyWnb+Kou9uaS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4636	2640	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2640	1412	rundll32.exe	83
PID 1412 wrote to memory of 2640	1412	rundll32.exe	83
PID 1412 wrote to memory of 2640	1412	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\426c51860dffdf39f1a9451ee7c2b676_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\426c51860dffdf39f1a9451ee7c2b676_JaffaCakes118.dll,#1
  2⤵
  PID:2640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 580
    3⤵
    - Program crash
    PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2640 -ip 2640
1⤵
PID:4828