b7db9419f0f94c69a027c02ea022d6edf44c5787084129cfa36e98b718fbe5ab

Analysis

max time kernel
95s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 18:34

Target

47044fd784b36e71c7b2ae4e4ac59f6f_JaffaCakes118.dll
Size

251KB
MD5

47044fd784b36e71c7b2ae4e4ac59f6f
SHA1

5623551bdfb8b54a681a1c2a2a47f10d07c53bc2
SHA256

b7db9419f0f94c69a027c02ea022d6edf44c5787084129cfa36e98b718fbe5ab
SHA512

ecad148afb5503884132c45bd3168317bb2af21dc21210f115e8301fa281465e526bd4e809c0847dcab5510245f8fc4c62da6e0f0f8eb5a15618bdd175a1ab73
SSDEEP

6144:M/b5UYo4fSaD/mnKf5FQeeaQeehQeesQeemaQeehQeeGnQgV0hfyjMYs:m5UYfKKGXQBfA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2280	3424	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 184 wrote to memory of 3424	184	rundll32.exe	83
PID 184 wrote to memory of 3424	184	rundll32.exe	83
PID 184 wrote to memory of 3424	184	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\47044fd784b36e71c7b2ae4e4ac59f6f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47044fd784b36e71c7b2ae4e4ac59f6f_JaffaCakes118.dll,#1
  2⤵
  PID:3424
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 816
    3⤵
    - Program crash
    PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3424 -ip 3424
1⤵
PID:4656