ca9d2560043605778fba91f71ec680a5f9e4f324b8425dcaf4096fb8961ad02d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 05:37

Target

4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Size

55KB
MD5

4871648ef8b37504b19ff67283a2a658
SHA1

3c935116d55e05be3126da7398e0e00264ac176e
SHA256

ca9d2560043605778fba91f71ec680a5f9e4f324b8425dcaf4096fb8961ad02d
SHA512

4deb6b97d87234f3ffd29bf7490728371285162fa2e7de579fca35dd37703a4380cf1f732c0ee8103969bd4a8602ae6a260d80cea5b7d310b939ebb7b3b248ac
SSDEEP

1536:FX/4isLma94WeamYtm8sJX456F2gKTg+W+LUo:lds394UmYtm3FWg+W+LU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
952	3832	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 3832	2800	rundll32.exe	83
PID 2800 wrote to memory of 3832	2800	rundll32.exe	83
PID 2800 wrote to memory of 3832	2800	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll,#1
  2⤵
  PID:3832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 624
    3⤵
    - Program crash
    PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3832 -ip 3832
1⤵
PID:3176

memory/3832-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download