2e3fcd5509936fe7c1c9697b2a5b13aa7b7b5106631b26efa22acdb7bbcd79f5

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 03:29

Target

441c9c9b8d0e2c4be004e5a8b4442079_JaffaCakes118.dll
Size

84KB
MD5

441c9c9b8d0e2c4be004e5a8b4442079
SHA1

3ae6dd89faab71e4d754666b9b4430e9c1959bb4
SHA256

2e3fcd5509936fe7c1c9697b2a5b13aa7b7b5106631b26efa22acdb7bbcd79f5
SHA512

3bbe2798398b1af063ffb2489acc8be0c607d55e7a946a357ae1d9a96ebc5e62a110d5169bf2d4eed911c25a9d342db6010f93f1b9b1c6e246f7365f3637a05b
SSDEEP

1536:FR3p0GaRad1Yq6n4SFb7+arthAdaxtYx7:FR3p0PDecxtY

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
824	3912	WerFault.exe	83
2216	3912	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 3912	3096	rundll32.exe	83
PID 3096 wrote to memory of 3912	3096	rundll32.exe	83
PID 3096 wrote to memory of 3912	3096	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\441c9c9b8d0e2c4be004e5a8b4442079_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\441c9c9b8d0e2c4be004e5a8b4442079_JaffaCakes118.dll,#1
  2⤵
  PID:3912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 544
    3⤵
    - Program crash
    PID:824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 636
    3⤵
    - Program crash
    PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3912 -ip 3912
1⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3912 -ip 3912
1⤵
PID:5020

memory/3912-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download