d7ec88e68132285ddd25d7f012e41aef98a2e053647035194396f05153b18993

Analysis

max time kernel
96s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 15:54

Target

4681553d3abb67aed4a2cf7a988b276d_JaffaCakes118.dll
Size

100KB
MD5

4681553d3abb67aed4a2cf7a988b276d
SHA1

d427db130b76e50a9c2f602adfdc8505fcfae6d1
SHA256

d7ec88e68132285ddd25d7f012e41aef98a2e053647035194396f05153b18993
SHA512

c4fcf7fb12658a7fdf6e4de8af6fd87b705b69da3b2d5a0cb283e12a8ca8a9393d73fa4b48582492c83e51b32c873ed737a17f277935b434dc38ea6ab7f163a4
SSDEEP

3072:0bXTjlB1kbOi4ELwWPD8jvyv60iddjW4shQGrO1Jx20o:07TjyOi4qV8jKvJiXS4shQGr6n2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
880	4080	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 4080	208	regsvr32.exe	83
PID 208 wrote to memory of 4080	208	regsvr32.exe	83
PID 208 wrote to memory of 4080	208	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4681553d3abb67aed4a2cf7a988b276d_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4681553d3abb67aed4a2cf7a988b276d_JaffaCakes118.dll
  2⤵
  PID:4080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 616
    3⤵
    - Program crash
    PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 4080 -ip 4080
1⤵
PID:4248

memory/4080-1-0x0000000002250000-0x0000000002296000-memory.dmp

Filesize
280KB

Download
memory/4080-0-0x0000000002250000-0x0000000002296000-memory.dmp

Filesize
280KB

Download