12d90bb005ba215fd3bbc6dac06232cde1f08fc0cd2cf278758f89599a26c13a

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 22:47

Target

61b81d3ad9f2ff499fc7346e6937383b_JaffaCakes118.dll
Size

5KB
MD5

61b81d3ad9f2ff499fc7346e6937383b
SHA1

735627d89442a1441f620df6473ac6bc693880c4
SHA256

12d90bb005ba215fd3bbc6dac06232cde1f08fc0cd2cf278758f89599a26c13a
SHA512

43a949fe149d21ebc46a26f834475ab044971bfd1aa1f6f261e072da342da42a1205c82f70e663b7cf14d3ba3343c9077a1b7d8ad53fb94f263a019372403df0
SSDEEP

24:etGSE/gei61tyMmL6v7KOVnOwr+sn4uC3zPrnoEg5CY0QMI7i6EvBEWJpC6TYzU4:69otyNL6iw5NdEvB9JTYzVv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2824	2816	WerFault.exe	30

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2816	2728	rundll32.exe	30
PID 2728 wrote to memory of 2816	2728	rundll32.exe	30
PID 2728 wrote to memory of 2816	2728	rundll32.exe	30
PID 2728 wrote to memory of 2816	2728	rundll32.exe	30
PID 2728 wrote to memory of 2816	2728	rundll32.exe	30
PID 2728 wrote to memory of 2816	2728	rundll32.exe	30
PID 2728 wrote to memory of 2816	2728	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61b81d3ad9f2ff499fc7346e6937383b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61b81d3ad9f2ff499fc7346e6937383b_JaffaCakes118.dll,#1
  2⤵
  PID:2816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 304
    3⤵
    - Program crash
    PID:2824