9fd2edaab898b2be0a0dd55f2360ef3dbabe872d68daa03225c9cb616200f545

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 11:39

Target

499e61e194caf8f5a1f5fac66650ec98_JaffaCakes118.dll
Size

204KB
MD5

499e61e194caf8f5a1f5fac66650ec98
SHA1

b54c37c9dcdead9137d0e429e6d30d2570ae5525
SHA256

9fd2edaab898b2be0a0dd55f2360ef3dbabe872d68daa03225c9cb616200f545
SHA512

f2d3a9481c44f6818b262d1e32444c79bbdae58acfeab5016de13947e33cf428db4fdf2bebf5d8203fe30d04193b9c503b5f37ec77aaa89e421121c2d9586f5c
SSDEEP

3072:WP3E4hr7WWCZ9dyDIznT2b4XFZJ00bmbJQ6WXslSMcFRIPm30qHvcO5VHaXhx+Fd:WyJlFXKQZWhx+KE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1044	1960	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1960	1952	rundll32.exe	30
PID 1952 wrote to memory of 1960	1952	rundll32.exe	30
PID 1952 wrote to memory of 1960	1952	rundll32.exe	30
PID 1952 wrote to memory of 1960	1952	rundll32.exe	30
PID 1952 wrote to memory of 1960	1952	rundll32.exe	30
PID 1952 wrote to memory of 1960	1952	rundll32.exe	30
PID 1952 wrote to memory of 1960	1952	rundll32.exe	30
PID 1960 wrote to memory of 1044	1960	rundll32.exe	31
PID 1960 wrote to memory of 1044	1960	rundll32.exe	31
PID 1960 wrote to memory of 1044	1960	rundll32.exe	31
PID 1960 wrote to memory of 1044	1960	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\499e61e194caf8f5a1f5fac66650ec98_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\499e61e194caf8f5a1f5fac66650ec98_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 256
    3⤵
    - Program crash
    PID:1044