c24c635b180f6d58c96f8c6be8d19f0ef34b3bc840147b895e55316713662143

Analysis

max time kernel
94s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 07:15

Target

4d4bbfd82bc23b73d2c32cbdfa47b8f4_JaffaCakes118.dll
Size

10KB
MD5

4d4bbfd82bc23b73d2c32cbdfa47b8f4
SHA1

202da299afedf6fabc74f57709b2925d9d80eb14
SHA256

c24c635b180f6d58c96f8c6be8d19f0ef34b3bc840147b895e55316713662143
SHA512

6f97a0ec9a1d611f92d0d14d917b08b0c657c576c4fedb89e9e26cc7bbb85b65d390fefb6c9b7856691bb0b217985e6527dbd821acff5a32cb6f2998e833612a
SSDEEP

96:/XVGucSfZnayobA6v6OmiE6Fj6PlWGaBIICnFFr0tfGW+pKGq6VmuXfECy9EZL8T:/XVGuTrGAsxXn6tj5rRcGRXfxyP96/I

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2368	3656	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 3656	1088	regsvr32.exe	84
PID 1088 wrote to memory of 3656	1088	regsvr32.exe	84
PID 1088 wrote to memory of 3656	1088	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4d4bbfd82bc23b73d2c32cbdfa47b8f4_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4d4bbfd82bc23b73d2c32cbdfa47b8f4_JaffaCakes118.dll
  2⤵
  PID:3656
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 624
    3⤵
    - Program crash
    PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3656 -ip 3656
1⤵
PID:1744