463eb9619df56d148c7c4fedaca233852a29c57c78c8089f6f9b06c6c8419200

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 21:25

Target

4366bc38eb5f39b8e0999416faac5be4_JaffaCakes118.dll
Size

84KB
MD5

4366bc38eb5f39b8e0999416faac5be4
SHA1

d49902637bec67a5fceb3b8df5d992f21ad088bf
SHA256

463eb9619df56d148c7c4fedaca233852a29c57c78c8089f6f9b06c6c8419200
SHA512

1d29e1cfc79f9b5efdb4380c4eb224c15b0032ae317657d854aebfb895c51615d0473d8a7af46e472709dcf7b33675a783f8b11a092c9a709ad113a426968102
SSDEEP

768:FR3pCP49aRu31KmwnkTYQ1z6n4SFb37+wSq5hbMiBNdmbwItYdQciv7h:FR3p0GaRad1Yq6n4SFb7+ar3daxtYy7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1248	2524	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2524	2400	rundll32.exe	30
PID 2400 wrote to memory of 2524	2400	rundll32.exe	30
PID 2400 wrote to memory of 2524	2400	rundll32.exe	30
PID 2400 wrote to memory of 2524	2400	rundll32.exe	30
PID 2400 wrote to memory of 2524	2400	rundll32.exe	30
PID 2400 wrote to memory of 2524	2400	rundll32.exe	30
PID 2400 wrote to memory of 2524	2400	rundll32.exe	30
PID 2524 wrote to memory of 1248	2524	rundll32.exe	32
PID 2524 wrote to memory of 1248	2524	rundll32.exe	32
PID 2524 wrote to memory of 1248	2524	rundll32.exe	32
PID 2524 wrote to memory of 1248	2524	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4366bc38eb5f39b8e0999416faac5be4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4366bc38eb5f39b8e0999416faac5be4_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 264
    3⤵
    - Program crash
    PID:1248

memory/2524-1-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2524-2-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2524-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2524-3-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2524-4-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download