c4de095e620fdb3ae746863f5a063a9245ab2f66d8086d785268935337580679

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 02:11

Target

65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll
Size

15KB
MD5

65bebcea3615b74db99d8d3945f126ca
SHA1

fd7dbc214f10cf44e00b778d6a12fb675fa7ad59
SHA256

c4de095e620fdb3ae746863f5a063a9245ab2f66d8086d785268935337580679
SHA512

1f9068098ed30cd2ab7f9d41f354e7caa2905ed3729507c4c958a9cdf2f3ba8ec66e628cbd36fdfe6264447713ce40d8e841bab6886031f54d306c007312e397
SSDEEP

384:o0Kv2cI3KFQF77iiRUfcYKBNQ37Aue59/VP:vnf7ccNN6cua99

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5020	1892	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 1892	3356	rundll32.exe	84
PID 3356 wrote to memory of 1892	3356	rundll32.exe	84
PID 3356 wrote to memory of 1892	3356	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bebcea3615b74db99d8d3945f126ca_JaffaCakes118.dll,#1
  2⤵
  PID:1892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 540
    3⤵
    - Program crash
    PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1892 -ip 1892
1⤵
PID:2916