6d32dadd04332e68afaa945f235dbe15c3095b2e6ee214de153de0a7b69b4336

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 14:37

Target

f3b184f298908a9b503c9e19de08eb33_JaffaCakes118.dll
Size

86KB
MD5

f3b184f298908a9b503c9e19de08eb33
SHA1

6e4d535eed9f9185cf31548f1be71c3c0d09cff4
SHA256

6d32dadd04332e68afaa945f235dbe15c3095b2e6ee214de153de0a7b69b4336
SHA512

48f40fe64d03131af880074492d7588a7ba21dcc3b58e1ab3489804fcbe71b6ec8bd6cb015d348640477b8576147ca4400402234e0845d06bf7e85a8d4726984
SSDEEP

1536:wD5k2qth7uK/4k65bOayvnQCK7n7CxXa5+QJDzRsJ1UZQd4WNQunXMTCYgKazyoi:wDnqth7ui4kIOaanq+xw+synxd9NQOXO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4532	2132	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2132	1768	regsvr32.exe	85
PID 1768 wrote to memory of 2132	1768	regsvr32.exe	85
PID 1768 wrote to memory of 2132	1768	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f3b184f298908a9b503c9e19de08eb33_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f3b184f298908a9b503c9e19de08eb33_JaffaCakes118.dll
  2⤵
  PID:2132
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 604
    3⤵
    - Program crash
    PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2132 -ip 2132
1⤵
PID:612

memory/2132-0-0x0000000000320000-0x0000000000363000-memory.dmp

Filesize
268KB

Download