d017e6aad694c7d59c86a45645a1222fa2b96266782c301fe9a83194b5b3d1c0

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 21:18

Target

1c878af3c2887e70e4882b4b24000581_JaffaCakes118.dll
Size

158KB
MD5

1c878af3c2887e70e4882b4b24000581
SHA1

852646642f3456f55ef1dfc575defbde390c6dd5
SHA256

d017e6aad694c7d59c86a45645a1222fa2b96266782c301fe9a83194b5b3d1c0
SHA512

d70a8d4dbbbd0878d353911577001dc6a213b09dcefa0b9d886a0b68cffd8856c4f048bdbb1e4901f54543bdb6a7cb3584b23ec17b2d5b1a0e100dcd02d9a408
SSDEEP

3072:rHZCuVNKvhk7NFfnyTwbx1ZJvzpxpHVzB:rg8fRx1nvzpxp1z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	536	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 536	5044	regsvr32.exe	80
PID 5044 wrote to memory of 536	5044	regsvr32.exe	80
PID 5044 wrote to memory of 536	5044	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1c878af3c2887e70e4882b4b24000581_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1c878af3c2887e70e4882b4b24000581_JaffaCakes118.dll
  2⤵
  PID:536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 596
    3⤵
    - Program crash
    PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 536 -ip 536
1⤵
PID:4732

memory/536-0-0x00000000007C0000-0x0000000000803000-memory.dmp

Filesize
268KB

Download