7883a6fffa087c0895ad17b8bfedbc20a2f72c648bf75c653304c573934a4b43

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 22:45

Target

5dfe5d6f6ea7c94b8d79aecaaaed4c1c_JaffaCakes118.dll
Size

393KB
MD5

5dfe5d6f6ea7c94b8d79aecaaaed4c1c
SHA1

d743df98d94586d731437533bd3d86ea940ee21b
SHA256

7883a6fffa087c0895ad17b8bfedbc20a2f72c648bf75c653304c573934a4b43
SHA512

b0ae69628512f38040f99366fc305dba6853d5fdeaf03ed35ddf7a4d25d3a621351640ec7bb1fc6d864efa1847f129e490a5e5b694acba7f44f0073108a80cb1
SSDEEP

6144:MEn+wo6AJVeDDpYmDoqyoNWmQW3twt4ESigEoonTB0xEcLU:pAJVeDDimDe6WmQ2CXSmoonTuEcLU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1524	3944	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 3944	3612	rundll32.exe	84
PID 3612 wrote to memory of 3944	3612	rundll32.exe	84
PID 3612 wrote to memory of 3944	3612	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dfe5d6f6ea7c94b8d79aecaaaed4c1c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dfe5d6f6ea7c94b8d79aecaaaed4c1c_JaffaCakes118.dll,#1
  2⤵
  PID:3944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 668
    3⤵
    - Program crash
    PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3944 -ip 3944
1⤵
PID:420