57faf4488b55ad752562a2126de962c9884fcebc2c0b45ce8614f1f74af8d27d

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 11:41

Target

5bcba5e388292b0c042fa3b62186ffe8_JaffaCakes118.dll
Size

176KB
MD5

5bcba5e388292b0c042fa3b62186ffe8
SHA1

c3e389a2e4e0e6c0ae17fbff34670bc0e0a2f7b4
SHA256

57faf4488b55ad752562a2126de962c9884fcebc2c0b45ce8614f1f74af8d27d
SHA512

e3f2f24287d14acfb778537b000df06619ea80d96fc543dba93479d203bfc585fece0506f8fae68aae1d1e643eb3d084e29b92ae83dd4fc047d9ba93cc6b1829
SSDEEP

3072:/BXLVMhsx5FwYH5PgAp2DMelYBFeM4FcCG7TCnp5cvLi22yT:/BXLUI5H5PgFMwAcM4RG7TTvL32yT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1624	3468	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3468	2372	regsvr32.exe	84
PID 2372 wrote to memory of 3468	2372	regsvr32.exe	84
PID 2372 wrote to memory of 3468	2372	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5bcba5e388292b0c042fa3b62186ffe8_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5bcba5e388292b0c042fa3b62186ffe8_JaffaCakes118.dll
  2⤵
  PID:3468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 648
    3⤵
    - Program crash
    PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3468 -ip 3468
1⤵
PID:3344