249c7496bf80d4f5f30d188f2e48841af068183e1bd747ff80066da41523a3c2

Analysis

max time kernel
139s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 12:02

Target

60828cd0fa4ef1e9fd07f187da8a52e9_JaffaCakes118.dll
Size

123KB
MD5

60828cd0fa4ef1e9fd07f187da8a52e9
SHA1

785e27f88e995e543f4296339a86863e477ca932
SHA256

249c7496bf80d4f5f30d188f2e48841af068183e1bd747ff80066da41523a3c2
SHA512

dba38470d15e840fd9dbc9a686e423b36d4483ea806480f19f9f4715f56b18768f2bcbca34cc46c8159e20989b8e3edf23cf263723499bfd527c9ed388128c42
SSDEEP

1536:mkxIlEyi+AK4k+IhXcu9dWjqAssZIXbZCet:K6A4k9hXCjJssZIX9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4448	3656	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 3656	3100	rundll32.exe	86
PID 3100 wrote to memory of 3656	3100	rundll32.exe	86
PID 3100 wrote to memory of 3656	3100	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60828cd0fa4ef1e9fd07f187da8a52e9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60828cd0fa4ef1e9fd07f187da8a52e9_JaffaCakes118.dll,#1
  2⤵
  PID:3656
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 548
    3⤵
    - Program crash
    PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3656 -ip 3656
1⤵
PID:4348

memory/3656-0-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download