7289da9af902d3df3f1c3c19c80ed2c5404cc342264de30148e87edcec8a32c3

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 23:30

Target

606cbb144402df7577f933e3aec7702e_JaffaCakes118.dll
Size

99KB
MD5

606cbb144402df7577f933e3aec7702e
SHA1

0054f594eb519924d7ed08070aa8cdaea8372e80
SHA256

7289da9af902d3df3f1c3c19c80ed2c5404cc342264de30148e87edcec8a32c3
SHA512

cc18a14ee8cc94d93deb6d274c6bd971bb4590460b79a2d13d022dc87b2e6db74e03cdf2477b7db85b58b41dd0c41998ef44ac65e0542661b914384845cc9704
SSDEEP

1536:n+dXilJ56MkJHw0HFf5ooyYrb3/195oKcKlQVNMly/raI13yJdFbVNp:+dXrNN3/NvyzaIRyxb/p

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4780	4416	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 4416	5108	rundll32.exe	84
PID 5108 wrote to memory of 4416	5108	rundll32.exe	84
PID 5108 wrote to memory of 4416	5108	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\606cbb144402df7577f933e3aec7702e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\606cbb144402df7577f933e3aec7702e_JaffaCakes118.dll,#1
  2⤵
  PID:4416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 620
    3⤵
    - Program crash
    PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4416 -ip 4416
1⤵
PID:1784

memory/4416-0-0x0000000054000000-0x000000005401E000-memory.dmp

Filesize
120KB

Download