a5ad42aa5321aa196361b6ce4b79c35c036c56a0213152dd1703acc25bc5149c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 18:25

Target

4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
Size

324KB
MD5

4ade80cb3522fc3caee9be4c2cf33071
SHA1

a0610f4df507f48a25b6575eafc96d7df2f4a619
SHA256

a5ad42aa5321aa196361b6ce4b79c35c036c56a0213152dd1703acc25bc5149c
SHA512

e9c4e2d345fbdd7c5debc72792f1387667a6d77ce530e37687cbcf7ccc58dca2c016e85866758c58386d3bdfb432e602ba3121183e0a34133e4f5e81a95d6229
SSDEEP

6144:eKtDP9elqi0AOROne1mR2wF+M0ZibHykbxKprM5LDJme3:eKtYlqi09ROne1mRPF+MmCH1tKprMpNF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3180	3512	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 3512	2384	regsvr32.exe	83
PID 2384 wrote to memory of 3512	2384	regsvr32.exe	83
PID 2384 wrote to memory of 3512	2384	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4ade80cb3522fc3caee9be4c2cf33071_JaffaCakes118.dll
  2⤵
  PID:3512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 656
    3⤵
    - Program crash
    PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3512 -ip 3512
1⤵
PID:2832

memory/3512-0-0x000000004C0C0000-0x000000004C111000-memory.dmp

Filesize
324KB

Download