2cb32e82c6003ddf12dc76de6fece275b620a2cb059f3b8a177ff48fdace8aa8

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 00:21

Target

59b5e9480298821332ff1b690aebc5fe_JaffaCakes118.dll
Size

128KB
MD5

59b5e9480298821332ff1b690aebc5fe
SHA1

a3fd8ff3b4e5fc10f0e50aee714803999f06ca31
SHA256

2cb32e82c6003ddf12dc76de6fece275b620a2cb059f3b8a177ff48fdace8aa8
SHA512

312681bfcff614220ba5424a7f7f0364f7989da323c695c0633e77ad188cb308f94ec3a8834d09bb8fc20cf54973d9f66c2e52173d931a525077029f3428abd3
SSDEEP

3072:NSeOLNOWbn2wi7c/4zGP7Vmdi8Tvoxp6+:NSLLhawYi4zfdHTvuL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4488	2384	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 2384	552	rundll32.exe	84
PID 552 wrote to memory of 2384	552	rundll32.exe	84
PID 552 wrote to memory of 2384	552	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59b5e9480298821332ff1b690aebc5fe_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59b5e9480298821332ff1b690aebc5fe_JaffaCakes118.dll,#1
  2⤵
  PID:2384
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 644
    3⤵
    - Program crash
    PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2384 -ip 2384
1⤵
PID:3516