85c1d67c4997afc02b0487ef01683c663e09d364a83e77266db857858adf6f23

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 11:16

Target

675cca38ce8744932e2b7b5378ebe136_JaffaCakes118.dll
Size

18KB
MD5

675cca38ce8744932e2b7b5378ebe136
SHA1

bc60f352790b17c1ad43cb719096aff89c01de3f
SHA256

85c1d67c4997afc02b0487ef01683c663e09d364a83e77266db857858adf6f23
SHA512

2112e99d063a5c26a1303784f5116146b26a57ac1f85832f96321556dea0bfd0521108954e62fd29910e08797e017fee74f23c43fdfb19cab35e06c0f755c5dc
SSDEEP

384:e9N3iFrJ+d9eNJPgQwMNKccxpg8PCya0h2xfAtn:eLy1wdoC9ccxCOX2i

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3252	916	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 916	2236	regsvr32.exe	84
PID 2236 wrote to memory of 916	2236	regsvr32.exe	84
PID 2236 wrote to memory of 916	2236	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\675cca38ce8744932e2b7b5378ebe136_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\675cca38ce8744932e2b7b5378ebe136_JaffaCakes118.dll
  2⤵
  PID:916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 656
    3⤵
    - Program crash
    PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 916 -ip 916
1⤵
PID:4248

memory/916-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/916-1-0x0000000000DF0000-0x0000000000DF1000-memory.dmp

Filesize
4KB

Download