3dc2e931be9087f54b3662cddf93eeace386050c4308df3e4221aaa3018c3942

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 16:26

Target

63eb54f0045c2fd627fcbc817d4c7c81_JaffaCakes118.dll
Size

4KB
MD5

63eb54f0045c2fd627fcbc817d4c7c81
SHA1

67518aac1cc2466c819759c82c437ea14df01771
SHA256

3dc2e931be9087f54b3662cddf93eeace386050c4308df3e4221aaa3018c3942
SHA512

208cee64b8ec24d698231243e402cd4ccee38b65130f8cbb137db9bcda8e852d6ba7e8b5a39cb65b13fb4ec6355ac57554e0a8fd3cb324d5d68d3839cf29215e

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2664	2028	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 2028	656	rundll32.exe	31
PID 656 wrote to memory of 2028	656	rundll32.exe	31
PID 656 wrote to memory of 2028	656	rundll32.exe	31
PID 656 wrote to memory of 2028	656	rundll32.exe	31
PID 656 wrote to memory of 2028	656	rundll32.exe	31
PID 656 wrote to memory of 2028	656	rundll32.exe	31
PID 656 wrote to memory of 2028	656	rundll32.exe	31
PID 2028 wrote to memory of 2664	2028	rundll32.exe	32
PID 2028 wrote to memory of 2664	2028	rundll32.exe	32
PID 2028 wrote to memory of 2664	2028	rundll32.exe	32
PID 2028 wrote to memory of 2664	2028	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63eb54f0045c2fd627fcbc817d4c7c81_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63eb54f0045c2fd627fcbc817d4c7c81_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 224
    3⤵
    - Program crash
    PID:2664