95962a70eaaaf270422e3ae349e305f6af8177e9314a45c7d15c1df8674f72dc

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 20:38

Target

e85c94b8c11cee0d40849ebeedf407c1_JaffaCakes118.dll
Size

84KB
MD5

e85c94b8c11cee0d40849ebeedf407c1
SHA1

e93eaeb79a6c31089f47e2a2408c828a5a53a049
SHA256

95962a70eaaaf270422e3ae349e305f6af8177e9314a45c7d15c1df8674f72dc
SHA512

a802127f490c48c1206b29df69d97731e695bab850ec396f0d2c51de33d9a26acf9a3aecd593d7f9558888073f2a501065b457f121c48f118ac6f04c1e71ac49
SSDEEP

1536:9++3YFcOFbu1VU/gWzA/94ub2u1me04NZFHOlO+Rd7w1C7HOlO+:9++IRFbJ/DzAWU2uz04NZBOlOWTOlO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
208	4404	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 4404	1764	regsvr32.exe	85
PID 1764 wrote to memory of 4404	1764	regsvr32.exe	85
PID 1764 wrote to memory of 4404	1764	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e85c94b8c11cee0d40849ebeedf407c1_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e85c94b8c11cee0d40849ebeedf407c1_JaffaCakes118.dll
  2⤵
  PID:4404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 600
    3⤵
    - Program crash
    PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4404 -ip 4404
1⤵
PID:1720

memory/4404-0-0x0000000010000000-0x000000001002D000-memory.dmp

Filesize
180KB

Download