74e465079be51f0b5f32b436a32fc8a077314d3a5774c525776d2e2ea2ef4565

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 21:29

Target

3ef36da00c13e4613fde9ccf449b1c22_JaffaCakes118.dll
Size

120KB
MD5

3ef36da00c13e4613fde9ccf449b1c22
SHA1

72b066acd663144398f5c40002dcdcce4594a5aa
SHA256

74e465079be51f0b5f32b436a32fc8a077314d3a5774c525776d2e2ea2ef4565
SHA512

61f698047199f751c46190eae48eee277b321db33ddf4e0fa6935852fdb9117050c94818a731eafa3b38d7746752c0c98df336b75e1e9db4c4bf53d149d52ccb
SSDEEP

1536:yxqaQuoMIiNuyoxxTh5tRIriVwF9P4T6c+BQulRuv7zj:GBoMIEHQjRIOSF9Pq+Guoj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4120	1464	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 1464	1240	regsvr32.exe	83
PID 1240 wrote to memory of 1464	1240	regsvr32.exe	83
PID 1240 wrote to memory of 1464	1240	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3ef36da00c13e4613fde9ccf449b1c22_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3ef36da00c13e4613fde9ccf449b1c22_JaffaCakes118.dll
  2⤵
  PID:1464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 636
    3⤵
    - Program crash
    PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1464 -ip 1464
1⤵
PID:1952

memory/1464-0-0x00000000006C0000-0x00000000006DE000-memory.dmp

Filesize
120KB

Download