405df93c76f7f93d7bb0b0abc893bf7ef01da4094debf995c2f154e76822c61c

Analysis

max time kernel
53s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 16:54

Target

270bc4da5e3840078a59ec38862e0ff6_JaffaCakes118.dll
Size

39KB
MD5

270bc4da5e3840078a59ec38862e0ff6
SHA1

27e54921122399fbe76eb9d97b7fcb1a4fc296b6
SHA256

405df93c76f7f93d7bb0b0abc893bf7ef01da4094debf995c2f154e76822c61c
SHA512

17c9a53dc2b634061a2372ea1e9fa8805c7a011d2561768babc052b6fa53dcaba7dc9367fe0b4f0ca7498d16ed342a66613425f427e9a8321b262c548f39c023
SSDEEP

768:34gwHzPwzXk7A+CgefG7n0tByFqZB3B2:3uHbwkkbG7nOBysj3B

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2440	5104	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 5104	1508	regsvr32.exe	80
PID 1508 wrote to memory of 5104	1508	regsvr32.exe	80
PID 1508 wrote to memory of 5104	1508	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\270bc4da5e3840078a59ec38862e0ff6_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\270bc4da5e3840078a59ec38862e0ff6_JaffaCakes118.dll
  2⤵
  PID:5104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 616
    3⤵
    - Program crash
    PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5104 -ip 5104
1⤵
PID:3492