8037ce4ce6264de8755c47a6f091312d66c67d78b5f14a6eebcf200ad777b0c1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 18:43

Target

4aed92b8683e718f86090639f1eb3c94_JaffaCakes118.dll
Size

76KB
MD5

4aed92b8683e718f86090639f1eb3c94
SHA1

7dedd7e683817f038d2a2a23f4eb73be38b3e846
SHA256

8037ce4ce6264de8755c47a6f091312d66c67d78b5f14a6eebcf200ad777b0c1
SHA512

850a584b3d00d31b756131eb6b9bcb8d6040a3076e0547970ea6b20eafca6725dbe09e5a501ea9c1818a05ce54cbeeecae7986e6ef236a22127e95f6803e0417
SSDEEP

1536:MrMIvDvBf2srWz5kE27RWn8hpZnGtU/gZgRIj0X:KQM8F2c87/gZgRIj4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2788	3928	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 3928	4920	rundll32.exe	83
PID 4920 wrote to memory of 3928	4920	rundll32.exe	83
PID 4920 wrote to memory of 3928	4920	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4aed92b8683e718f86090639f1eb3c94_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4aed92b8683e718f86090639f1eb3c94_JaffaCakes118.dll,#1
  2⤵
  PID:3928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 620
    3⤵
    - Program crash
    PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3928 -ip 3928
1⤵
PID:2444