8803c4a7f3c72a73a536594ca0d242b2cdfa56b20896bb84d3e249985e3331f2

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 14:11

Target

637bf43de02426127b105f7e49a7f05e_JaffaCakes118.dll
Size

9KB
MD5

637bf43de02426127b105f7e49a7f05e
SHA1

d5070885b0b368ce7b7ba255428d0706ae0cb49f
SHA256

8803c4a7f3c72a73a536594ca0d242b2cdfa56b20896bb84d3e249985e3331f2
SHA512

728800fc5cbecbfefcff4ee4868b3094db4738165942c71ee2f76b0ce1e8942804495cd2f29064f8ac34f5b737b6a3d8970160497b0c3f8d3ae35c8a73ae38c9
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34b:kuwEt8rsTUtPLzKNWSYWF4b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3336	1032	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1032	216	rundll32.exe	84
PID 216 wrote to memory of 1032	216	rundll32.exe	84
PID 216 wrote to memory of 1032	216	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\637bf43de02426127b105f7e49a7f05e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\637bf43de02426127b105f7e49a7f05e_JaffaCakes118.dll,#1
  2⤵
  PID:1032
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 624
    3⤵
    - Program crash
    PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1032 -ip 1032
1⤵
PID:2076

memory/1032-0-0x0000000000820000-0x0000000000827000-memory.dmp

Filesize
28KB

Download
memory/1032-1-0x0000000000820000-0x0000000000827000-memory.dmp

Filesize
28KB

Download