648065ece7db0f44de062ec41c4be1f7249dea9f6f3e124818de3fb3672c2f39

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 03:05

Target

4c8c9d4f6285154c4534d8cd95e21e07_JaffaCakes118.dll
Size

150KB
MD5

4c8c9d4f6285154c4534d8cd95e21e07
SHA1

a47dc5e0c59191d2c66ccb8b52fe66b2608ef098
SHA256

648065ece7db0f44de062ec41c4be1f7249dea9f6f3e124818de3fb3672c2f39
SHA512

ac6c3ba5582c6aca067c03ae3b4d6f37b10f4043978324d6d9e8f4388f3cdfecaca5065c769049ea045ba2bad3b41baba05528a679a76c688afe3f70eaa7e2d4
SSDEEP

3072:suhE6zRk71syAdo7J8D56D/eKgSTdhQOSljmCp8wt/:suhM1ReD56KKgSJhQL9d/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	2416	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2416	1208	rundll32.exe	31
PID 1208 wrote to memory of 2416	1208	rundll32.exe	31
PID 1208 wrote to memory of 2416	1208	rundll32.exe	31
PID 1208 wrote to memory of 2416	1208	rundll32.exe	31
PID 1208 wrote to memory of 2416	1208	rundll32.exe	31
PID 1208 wrote to memory of 2416	1208	rundll32.exe	31
PID 1208 wrote to memory of 2416	1208	rundll32.exe	31
PID 2416 wrote to memory of 3032	2416	rundll32.exe	32
PID 2416 wrote to memory of 3032	2416	rundll32.exe	32
PID 2416 wrote to memory of 3032	2416	rundll32.exe	32
PID 2416 wrote to memory of 3032	2416	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c8c9d4f6285154c4534d8cd95e21e07_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c8c9d4f6285154c4534d8cd95e21e07_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 260
    3⤵
    - Program crash
    PID:3032