Analysis

  • max time kernel
    132s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 04:55

General

  • Target

    18d962284af9db04620133a1636f3666_JaffaCakes118.exe

  • Size

    320KB

  • MD5

    18d962284af9db04620133a1636f3666

  • SHA1

    5ff6d1af43d8cd465f2f4c320a59921635f85413

  • SHA256

    97ea74f8e5586c086858bba59e502c03d0dba8fd314cee2b3700945e5ddc95cf

  • SHA512

    76ac3070842559c52f2e13fa6078f41c348b95fd432f11bfe823e404f16ec54d0f2c5a67e11927a305dd21879dd559ebd0132c9690df4388a7ecb78ab7965c1e

  • SSDEEP

    6144:iQ/5HfngD156kU/FAshDKVTpclhKfIe5OhwwJZ0BbVmXpz/AV:bHopW/FVhDKFSlhNlww+bGz/

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\18d962284af9db04620133a1636f3666_JaffaCakes118.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1432
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\18d962284af9db04620133a1636f3666_JaffaCakes118.exe
      2⤵
        PID:4724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 600
          3⤵
          • Program crash
          PID:360
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4724 -ip 4724
      1⤵
        PID:3348

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads