92170cb9174118b0a4b1de36d35da5ef2e313ad4a67dac7e6dc3e254813f88c0

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 12:20

Target

05ef3c1d360c86a9243b72af5106fde6_JaffaCakes118.dll
Size

89KB
MD5

05ef3c1d360c86a9243b72af5106fde6
SHA1

dffb010027b35094e68e2bbd2cd97387f41c2ecd
SHA256

92170cb9174118b0a4b1de36d35da5ef2e313ad4a67dac7e6dc3e254813f88c0
SHA512

ac9dc740a22e22eb6c9ed4f9e8017d6734dc273f69f1a5a8154feed0fa91727bc2a0aa026e10b1028122e4fd3ec36c4c2e8b3b8a6a555c1428e9658c7e9ca0d5
SSDEEP

1536:z2Wzq/W5xgp67akOIXG8Lei2/ct6jwOJSp3WD85G1hM0XsjyNlWdhxQxDbjvli2n:r0/0OcBpzU/M4Cquy/joOf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2476	2484	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 2484	4136	regsvr32.exe	81
PID 4136 wrote to memory of 2484	4136	regsvr32.exe	81
PID 4136 wrote to memory of 2484	4136	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\05ef3c1d360c86a9243b72af5106fde6_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\05ef3c1d360c86a9243b72af5106fde6_JaffaCakes118.dll
  2⤵
  PID:2484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 596
    3⤵
    - Program crash
    PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2484 -ip 2484
1⤵
PID:1988

memory/2484-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download