03623bb43456cd72f9ae07226615319782b06bec80ad884e7da2dbf5095c970c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 07:11

Target

44d0ffb9d4d2667f3a041a57fb5b19c8_JaffaCakes118.dll
Size

102KB
MD5

44d0ffb9d4d2667f3a041a57fb5b19c8
SHA1

07eac22b14c42d02cd233be7185cd4cd5cb8757a
SHA256

03623bb43456cd72f9ae07226615319782b06bec80ad884e7da2dbf5095c970c
SHA512

75167bf4093bd852ad9e06257107130478d5d8ab9129ee68cfcbc64203acf188a91146509efdfac2b41250612019c828e3240b9ca1ccd88786335f79768e41ea
SSDEEP

1536:wQ/rrAKpYehS+I6RrHPvvUZ997BuXLgDRdc8TAkqTacB0g9TTg0OaCJrSVs3NVMw:wcrwSLP3UL97UXLQRO7koV3VWND

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3936	1584	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1584	2920	rundll32.exe	83
PID 2920 wrote to memory of 1584	2920	rundll32.exe	83
PID 2920 wrote to memory of 1584	2920	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44d0ffb9d4d2667f3a041a57fb5b19c8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44d0ffb9d4d2667f3a041a57fb5b19c8_JaffaCakes118.dll,#1
  2⤵
  PID:1584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 560
    3⤵
    - Program crash
    PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1584 -ip 1584
1⤵
PID:2428