f140ed06763abca99b9a1cdf4a7302c8838e8b7e9a03f5c67d32a667353f0ea2

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 15:52

Target

467f9763cff717b87f96612295d8bf1a_JaffaCakes118.dll
Size

251KB
MD5

467f9763cff717b87f96612295d8bf1a
SHA1

5cc2983e23b5a7e21f60ab3d3a2d310aa5c425d8
SHA256

f140ed06763abca99b9a1cdf4a7302c8838e8b7e9a03f5c67d32a667353f0ea2
SHA512

c0caec0abababd2ef841c1cf759b82be50244800ff02c7bfd0bd704cc5a8745039c9cccec18497a82a24002b287155979c69e0544b0f5612fdf452a07841f1a0
SSDEEP

6144:YrXh0n8dKT4ustmLGFqfifOj0Sq9x3ee0x:htUusvq6fOgf30

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
868	3248	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 3248	5088	rundll32.exe	83
PID 5088 wrote to memory of 3248	5088	rundll32.exe	83
PID 5088 wrote to memory of 3248	5088	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\467f9763cff717b87f96612295d8bf1a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\467f9763cff717b87f96612295d8bf1a_JaffaCakes118.dll,#1
  2⤵
  PID:3248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 580
    3⤵
    - Program crash
    PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3248 -ip 3248
1⤵
PID:4292