2772f2b951415f873a389921d9f29ae414e1cc4a8b32328cfc52f9418ca0e0f8

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 08:54

Target

3877a18c5de07dde0b3421f795a92b08_JaffaCakes118.dll
Size

86KB
MD5

3877a18c5de07dde0b3421f795a92b08
SHA1

69892774d56a39276036e7abb263ab09a02d9787
SHA256

2772f2b951415f873a389921d9f29ae414e1cc4a8b32328cfc52f9418ca0e0f8
SHA512

6ec8c8c92dafac6bf6f1efc4f4fc753a75dc5c321898b4e8ce532369ab506f308d72d01f594e65b24eeaa6168634f7561936871d82b10654bd0dbc0f291d10b1
SSDEEP

1536:blSmFExomr6dZaGzA3Asz4rbaZo5lXoUn/Bn8xg5iWqU+yQimTQGI:h1+xodHaGM3AszUbt//B8xd9w+TQGI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4744	4228	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 4228	2796	regsvr32.exe	85
PID 2796 wrote to memory of 4228	2796	regsvr32.exe	85
PID 2796 wrote to memory of 4228	2796	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3877a18c5de07dde0b3421f795a92b08_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3877a18c5de07dde0b3421f795a92b08_JaffaCakes118.dll
  2⤵
  PID:4228
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 596
    3⤵
    - Program crash
    PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4228 -ip 4228
1⤵
PID:536

memory/4228-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download