3dc2e931be9087f54b3662cddf93eeace386050c4308df3e4221aaa3018c3942

Analysis

max time kernel
139s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 16:26

Target

63eb54f0045c2fd627fcbc817d4c7c81_JaffaCakes118.dll
Size

4KB
MD5

63eb54f0045c2fd627fcbc817d4c7c81
SHA1

67518aac1cc2466c819759c82c437ea14df01771
SHA256

3dc2e931be9087f54b3662cddf93eeace386050c4308df3e4221aaa3018c3942
SHA512

208cee64b8ec24d698231243e402cd4ccee38b65130f8cbb137db9bcda8e852d6ba7e8b5a39cb65b13fb4ec6355ac57554e0a8fd3cb324d5d68d3839cf29215e

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4996	2308	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 2308	224	rundll32.exe	84
PID 224 wrote to memory of 2308	224	rundll32.exe	84
PID 224 wrote to memory of 2308	224	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63eb54f0045c2fd627fcbc817d4c7c81_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63eb54f0045c2fd627fcbc817d4c7c81_JaffaCakes118.dll,#1
  2⤵
  PID:2308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 600
    3⤵
    - Program crash
    PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2308 -ip 2308
1⤵
PID:1168