695a8b8df4b25b3e8696d1bf197b6297288483110179338fdc92751e33ddabed

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 06:10

Target

5f53c0fe9d6215a1cf03451c808ab34f_JaffaCakes118.dll
Size

204KB
MD5

5f53c0fe9d6215a1cf03451c808ab34f
SHA1

47f401be6b524d1c11012d834a460605e616008f
SHA256

695a8b8df4b25b3e8696d1bf197b6297288483110179338fdc92751e33ddabed
SHA512

4e0432f8bd05fe48ed76572140735880382de48be5354156ba5e5d99cdf6302e6a8c3293dcf549f9c0a26f664a76c70f5b4ea8017d86f94af9b80ceea7b1de1f
SSDEEP

3072:4L4VDxk7xWamNdyDIRzHJc0nJ2VbWMk7V7wBkSqcmRlvmI0qHhcO5VHReGHzksw/:odJv0Jl7WU4swYC7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2068	2484	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2484	2460	rundll32.exe	31
PID 2460 wrote to memory of 2484	2460	rundll32.exe	31
PID 2460 wrote to memory of 2484	2460	rundll32.exe	31
PID 2460 wrote to memory of 2484	2460	rundll32.exe	31
PID 2460 wrote to memory of 2484	2460	rundll32.exe	31
PID 2460 wrote to memory of 2484	2460	rundll32.exe	31
PID 2460 wrote to memory of 2484	2460	rundll32.exe	31
PID 2484 wrote to memory of 2068	2484	rundll32.exe	32
PID 2484 wrote to memory of 2068	2484	rundll32.exe	32
PID 2484 wrote to memory of 2068	2484	rundll32.exe	32
PID 2484 wrote to memory of 2068	2484	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f53c0fe9d6215a1cf03451c808ab34f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f53c0fe9d6215a1cf03451c808ab34f_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 256
    3⤵
    - Program crash
    PID:2068