2019889d2c1eafa4edbfb5cd5a98f02a536c503001e6ea34aff1a4abc71d06e0

Analysis

max time kernel
92s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 02:50

Target

18854c436ffc0d8b2e4e254359971f9a_JaffaCakes118.dll
Size

167KB
MD5

18854c436ffc0d8b2e4e254359971f9a
SHA1

6b8096d88d05f7d731adf25e9b5022559597645a
SHA256

2019889d2c1eafa4edbfb5cd5a98f02a536c503001e6ea34aff1a4abc71d06e0
SHA512

29e75fe1bc9f0ccec40fa0eb00f56007b47fda8e9e187a834676e6184bba2a8920911c33457cc6a29f23fde034e1b0ee484c38fa0ebf410923e13bb088f698aa
SSDEEP

1536:bxEUbiiDIGEiDClVDheAmn3EoqwHCVApJRBanU7RLPvTSlCLJZ1UD13FXRV:bxWcI7DDHm3EvQCVo3JPvqCBUDXXv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1184	3484	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 3484	2016	regsvr32.exe	81
PID 2016 wrote to memory of 3484	2016	regsvr32.exe	81
PID 2016 wrote to memory of 3484	2016	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\18854c436ffc0d8b2e4e254359971f9a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\18854c436ffc0d8b2e4e254359971f9a_JaffaCakes118.dll
  2⤵
  PID:3484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 596
    3⤵
    - Program crash
    PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3484 -ip 3484
1⤵
PID:3480

memory/3484-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download