1ef1be4b5b19d993f8a3b471e69f2b0e356f89e4703f1dc8c58cc9bfbc98160e

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 00:51

Target

59ccd531235b20192ce0cce64f0171b2_JaffaCakes118.dll
Size

113KB
MD5

59ccd531235b20192ce0cce64f0171b2
SHA1

6ed46f2e7799081d1f366f28a4d236973299ebae
SHA256

1ef1be4b5b19d993f8a3b471e69f2b0e356f89e4703f1dc8c58cc9bfbc98160e
SHA512

13c838767b2fcb32655de17ba027c68416a03cbb77a29d1af1e5c4b59693a2f62ffb3f5286ff764711768e4a8a78a6606293f3a91a0542b536128191575bc9b5
SSDEEP

1536:M/RxknztHpSaglhs5enYUuqyCAkJrIoBnoPc3A767dhfVceF:M/w5JZMnYaYYrIoZoPYA767dRVce

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8	4768	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 4768	3740	rundll32.exe	84
PID 3740 wrote to memory of 4768	3740	rundll32.exe	84
PID 3740 wrote to memory of 4768	3740	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59ccd531235b20192ce0cce64f0171b2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59ccd531235b20192ce0cce64f0171b2_JaffaCakes118.dll,#1
  2⤵
  PID:4768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 540
    3⤵
    - Program crash
    PID:8

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4768 -ip 4768
1⤵
PID:1340