9fd2edaab898b2be0a0dd55f2360ef3dbabe872d68daa03225c9cb616200f545

Analysis

max time kernel
94s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 11:39

Target

499e61e194caf8f5a1f5fac66650ec98_JaffaCakes118.dll
Size

204KB
MD5

499e61e194caf8f5a1f5fac66650ec98
SHA1

b54c37c9dcdead9137d0e429e6d30d2570ae5525
SHA256

9fd2edaab898b2be0a0dd55f2360ef3dbabe872d68daa03225c9cb616200f545
SHA512

f2d3a9481c44f6818b262d1e32444c79bbdae58acfeab5016de13947e33cf428db4fdf2bebf5d8203fe30d04193b9c503b5f37ec77aaa89e421121c2d9586f5c
SSDEEP

3072:WP3E4hr7WWCZ9dyDIznT2b4XFZJ00bmbJQ6WXslSMcFRIPm30qHvcO5VHaXhx+Fd:WyJlFXKQZWhx+KE

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2084	684	WerFault.exe	83
4984	684	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 684	4800	rundll32.exe	83
PID 4800 wrote to memory of 684	4800	rundll32.exe	83
PID 4800 wrote to memory of 684	4800	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\499e61e194caf8f5a1f5fac66650ec98_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\499e61e194caf8f5a1f5fac66650ec98_JaffaCakes118.dll,#1
  2⤵
  PID:684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 592
    3⤵
    - Program crash
    PID:2084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 820
    3⤵
    - Program crash
    PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 684 -ip 684
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 684 -ip 684
1⤵
PID:3144