316dc961e9cf11ba09b76fef3eab32430a40884bb2a2de34fb85f1fe1d8c3372

Analysis

max time kernel
62s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:41

Target

0351e61047b02ccd5cce4eeb081c4938_JaffaCakes118.dll
Size

167KB
MD5

0351e61047b02ccd5cce4eeb081c4938
SHA1

c0e63f08dcac1dd84734cfd2242d0cc91fb34709
SHA256

316dc961e9cf11ba09b76fef3eab32430a40884bb2a2de34fb85f1fe1d8c3372
SHA512

bff7c097335bbaa6504aa9953990445df49bf54d2c931cd93f848fe10d6350c19b92965755d37fb41136a73669e47d2723d29dfcea2cef2d79a477f4d12cfbe3
SSDEEP

1536:kjhqOVDvjvGdHjwHdi8ZdkDwZ5HzzmXrLca3CcQ9E9vqGAib:kjNpiHjgdr7kD+tXmbQaScewiG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2264	992	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 992	2056	regsvr32.exe	82
PID 2056 wrote to memory of 992	2056	regsvr32.exe	82
PID 2056 wrote to memory of 992	2056	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0351e61047b02ccd5cce4eeb081c4938_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0351e61047b02ccd5cce4eeb081c4938_JaffaCakes118.dll
  2⤵
  PID:992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 596
    3⤵
    - Program crash
    PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 992 -ip 992
1⤵
PID:2184

memory/992-0-0x00000000024A0000-0x00000000024EB000-memory.dmp

Filesize
300KB

Download
memory/992-1-0x00000000024A0000-0x00000000024EB000-memory.dmp

Filesize
300KB

Download