14e4a83e32e879cbaeb7ba181474f12631ba48dce64bd01d2cb4eb231ffb0a28

Analysis

max time kernel
94s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 02:24

Target

43eb8d4bbe2601c8ea01bda29fe3c4f8_JaffaCakes118.dll
Size

28KB
MD5

43eb8d4bbe2601c8ea01bda29fe3c4f8
SHA1

aa02287fb9497cfa39bc75cda65bfa1c631545d3
SHA256

14e4a83e32e879cbaeb7ba181474f12631ba48dce64bd01d2cb4eb231ffb0a28
SHA512

e9cb37f1ec84bfb8a8378d3a7575bc8715114d7b06e384e893c7b6f6281cc194ae433615c1139e6895a3d6a7ae53305fe56ee04f0aa2699973dd5c4bddfe26b4
SSDEEP

768:4/vPVZdod27SFtsOTL+wUfcDBWqjyzN3GzI/a:AXpSF7L+wUfcQqjyzf/a

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3020	3552	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 3552	2392	rundll32.exe	83
PID 2392 wrote to memory of 3552	2392	rundll32.exe	83
PID 2392 wrote to memory of 3552	2392	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43eb8d4bbe2601c8ea01bda29fe3c4f8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43eb8d4bbe2601c8ea01bda29fe3c4f8_JaffaCakes118.dll,#1
  2⤵
  PID:3552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 540
    3⤵
    - Program crash
    PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3552 -ip 3552
1⤵
PID:4748

memory/3552-0-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download