d83e82b8576c71c42cc4a60de1ce9b950ca1b1b58a2ee1f6dcbac87108549f8e

Analysis

max time kernel
51s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 19:03

Target

0f2ddb99893e70b92d02ba913ffc18fb_JaffaCakes118.dll
Size

20KB
MD5

0f2ddb99893e70b92d02ba913ffc18fb
SHA1

5918b77a5b3a50706dc6b1498b542a83348b49dd
SHA256

d83e82b8576c71c42cc4a60de1ce9b950ca1b1b58a2ee1f6dcbac87108549f8e
SHA512

ed92cfe135c752ccea5fbd5e63691586761b749dbd334ec6730f7a0231368c7977a395205baf770defdf8cb82f0bc1533b8847c8150280ef25194eedf51f06b4
SSDEEP

192:STLYGcH+bKV1/qKjLBPGn4/flmfx7qDLh25r1+oxOAIMHG26bVRhkGWJhPp:ONOTV1CKHZGn4/fg7q83+0iXz/W/p

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3404	2248	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 2248	640	regsvr32.exe	81
PID 640 wrote to memory of 2248	640	regsvr32.exe	81
PID 640 wrote to memory of 2248	640	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0f2ddb99893e70b92d02ba913ffc18fb_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0f2ddb99893e70b92d02ba913ffc18fb_JaffaCakes118.dll
  2⤵
  PID:2248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 672
    3⤵
    - Program crash
    PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2248 -ip 2248
1⤵
PID:3908

memory/2248-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download