76c78a13e4e1718a9bec57a1e042ff7886127f8ab6772476fc43c96e41b1d45b

Analysis

max time kernel
136s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 00:34

Target

620fd326770212dc04bf0e0e08827547_JaffaCakes118.dll
Size

9KB
MD5

620fd326770212dc04bf0e0e08827547
SHA1

9a43a7c9a98983262035ceb35aea27615ea9e345
SHA256

76c78a13e4e1718a9bec57a1e042ff7886127f8ab6772476fc43c96e41b1d45b
SHA512

92c16281d1414a2b2ec54e540a298b67d23383281f0a05c697b2f414ee9af6b8f87203eaefd44158ac331fedebb01007ca2f39a7632c45780da550046abdefb1
SSDEEP

192:CTsp6nrx0MOH0fHlZTnDZbXpcsWGGYWRHb:YssrZGGvXZRWGGYWRH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1432	4732	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 4732	2876	rundll32.exe	85
PID 2876 wrote to memory of 4732	2876	rundll32.exe	85
PID 2876 wrote to memory of 4732	2876	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\620fd326770212dc04bf0e0e08827547_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\620fd326770212dc04bf0e0e08827547_JaffaCakes118.dll,#1
  2⤵
  PID:4732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 624
    3⤵
    - Program crash
    PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4732 -ip 4732
1⤵
PID:4908

memory/4732-0-0x0000000001290000-0x0000000001296000-memory.dmp

Filesize
24KB

Download
memory/4732-1-0x0000000001290000-0x0000000001296000-memory.dmp

Filesize
24KB

Download