54ffff557b2155b35ac03a7bf3b6d46a774c90a1b28d7a83f8d655429960dc7e

Analysis

max time kernel
140s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 13:48

Target

6369cc6ce0bd2885a53291b909452ab0_JaffaCakes118.dll
Size

588KB
MD5

6369cc6ce0bd2885a53291b909452ab0
SHA1

e631dedbf742cb84347da6178e2b44505919a44c
SHA256

54ffff557b2155b35ac03a7bf3b6d46a774c90a1b28d7a83f8d655429960dc7e
SHA512

d6a1874b34d78f9afd2d90dd75a85cc646ed44702e879822729df228e77a4b2537a1fc07358d04c7b9b49841208a2dc788b1c7e3fb264ddc03f7cf85d140f2f9
SSDEEP

12288:G1fg8KjZxlsUzNTiCpiBKbC2JKhG6PC8kqILXd0:Sg8KjKUz7q20pC8kfZ0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3628	4560	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 4560	3620	rundll32.exe	84
PID 3620 wrote to memory of 4560	3620	rundll32.exe	84
PID 3620 wrote to memory of 4560	3620	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6369cc6ce0bd2885a53291b909452ab0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6369cc6ce0bd2885a53291b909452ab0_JaffaCakes118.dll,#1
  2⤵
  PID:4560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 672
    3⤵
    - Program crash
    PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4560 -ip 4560
1⤵
PID:468

memory/4560-0-0x0000000002740000-0x00000000027C1000-memory.dmp

Filesize
516KB

Download