b435ea32fe5f9a8aee1676d5ca485dc15996b258404862467ebd4c1024feef73

Analysis

max time kernel
138s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 02:45

Target

5a26f5204dbe790516361d21f9aa0722_JaffaCakes118.dll
Size

131KB
MD5

5a26f5204dbe790516361d21f9aa0722
SHA1

88d5ef19fb00e93d63c9d3b34b9c8a4fd1659f47
SHA256

b435ea32fe5f9a8aee1676d5ca485dc15996b258404862467ebd4c1024feef73
SHA512

88b38b8a51b7a9127c3702d55ad0759cabb2270a2d0ec11a22ee9543dc3adc1ab9432d343d74991a44eaf4ceaefc991d203d50fe403d72bdc2be822f48f7445c
SSDEEP

3072:e3bLOGC9tTA4fXo/KGzVUnqQ5/RANhUMZ:erLPoASXBGz6qQ5/RANh9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3596	4620	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 4620	1700	rundll32.exe	84
PID 1700 wrote to memory of 4620	1700	rundll32.exe	84
PID 1700 wrote to memory of 4620	1700	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a26f5204dbe790516361d21f9aa0722_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a26f5204dbe790516361d21f9aa0722_JaffaCakes118.dll,#1
  2⤵
  PID:4620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 728
    3⤵
    - Program crash
    PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4620 -ip 4620
1⤵
PID:4756

memory/4620-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download