45048b2aae73fd7b0498cab845e83e8a89db0d10d71af61832c0445590c2e2e2

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 00:41

Target

6216fe8b69bc4b4ce67ee3faba936521_JaffaCakes118.dll
Size

160KB
MD5

6216fe8b69bc4b4ce67ee3faba936521
SHA1

6b3e7c8cbcd058d0e9fecfc91d7d651e1a58f353
SHA256

45048b2aae73fd7b0498cab845e83e8a89db0d10d71af61832c0445590c2e2e2
SHA512

4d4ba9ba7f1517ae79d6ef44159f8956132970cacbfe22ad8a74ef629e86942af372115bea5947d2e03ac32efec225acb4b43d858809e183ecad92bd945fa624
SSDEEP

3072:E3A83BTb3y0GLApt8xEtIlc5xd9dL6qobPUf8XYgWKILH4S:xpKcc5jHsUUIXKIMS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
908	3916	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 3916	400	rundll32.exe	83
PID 400 wrote to memory of 3916	400	rundll32.exe	83
PID 400 wrote to memory of 3916	400	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6216fe8b69bc4b4ce67ee3faba936521_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6216fe8b69bc4b4ce67ee3faba936521_JaffaCakes118.dll,#1
  2⤵
  PID:3916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 564
    3⤵
    - Program crash
    PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3916 -ip 3916
1⤵
PID:2196