fd2b0d50d782c44c683f04479baab07a87291eb2a9ebb05e6f228b626d0cdddc

Analysis

max time kernel
0s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 05:53

Target

f2d40437006a2f576a3d05db39183ab3_JaffaCakes118.dll
Size

19KB
MD5

f2d40437006a2f576a3d05db39183ab3
SHA1

960056ec97a7e3ed453734f6a2f2f87b6e526a86
SHA256

fd2b0d50d782c44c683f04479baab07a87291eb2a9ebb05e6f228b626d0cdddc
SHA512

bed546d47cd6b6c94fd996ad1ee801787e1e4aa5cea6a2832a1b2d88cc78d7337630d64c007b2dacd4ca5c240442b061d1c61cee0fd68283b402b02bb7d4580f
SSDEEP

384:oa7O6RBI8oE3dW+rZFfXI+gevWFGCn5YDJNCqPyIt4UA1:oOBqEtZlXhgWWFGC5YLSNUA1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
452	1420	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 1420	4616	regsvr32.exe	80
PID 4616 wrote to memory of 1420	4616	regsvr32.exe	80
PID 4616 wrote to memory of 1420	4616	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f2d40437006a2f576a3d05db39183ab3_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f2d40437006a2f576a3d05db39183ab3_JaffaCakes118.dll
  2⤵
  PID:1420
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 596
    3⤵
    - Program crash
    PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1420 -ip 1420
1⤵
PID:1060

memory/1420-0-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download