5c0a94d770cdfc836c7268d03619ee0ef1c595f6b5a36e41bf4fce3d0097382c

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 09:52

Target

412df829a2b8f1044ea982cacb2cbe99_JaffaCakes118.dll
Size

88KB
MD5

412df829a2b8f1044ea982cacb2cbe99
SHA1

99d89e6361adf9774430046304e60e293f596d88
SHA256

5c0a94d770cdfc836c7268d03619ee0ef1c595f6b5a36e41bf4fce3d0097382c
SHA512

058a6ea34201c16d6591697dc3d1e0dae8f4da841578455abdd4c83e69cf58dd376311b9ae310fc73eff5e38fdc004153dfa320363b7fe262fc224a6345a25f2
SSDEEP

1536:3OnJVjGyBteHTaplS88MuKYszFi1hd2VSAL1rW3lEyJQhUKYT:3OnJVyaezYsKYs5irdtAEmVmKYT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2532	2424	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 2424	3840	regsvr32.exe	83
PID 3840 wrote to memory of 2424	3840	regsvr32.exe	83
PID 3840 wrote to memory of 2424	3840	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\412df829a2b8f1044ea982cacb2cbe99_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\412df829a2b8f1044ea982cacb2cbe99_JaffaCakes118.dll
  2⤵
  PID:2424
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 596
    3⤵
    - Program crash
    PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2424 -ip 2424
1⤵
PID:536

memory/2424-0-0x00000000009F0000-0x0000000000A33000-memory.dmp

Filesize
268KB

Download