Overview

overview

6

Static

static

3

1a64b13f04...18.dll

windows7-x64

6

1a64b13f04...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 14:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a64b13f0433b2d519d2da359b22fbac_JaffaCakes118.dll

  • Size

    193KB

  • MD5

    1a64b13f0433b2d519d2da359b22fbac

  • SHA1

    0150f8555de20413e74b337e11c570d1e8d2f752

  • SHA256

    29bcad3d9a32234fc16d5cd77f880af041990f85f209e63461220133d1333fb1

  • SHA512

    4d550da8e5be1270311b3225c231101d037d93d4fa1bc7168c0c2ed7890dbd330e323ca42174f05fee6a1671893b0948d5b10d99edfd92c63a8acc486698b5be

  • SSDEEP

    6144:d3K24Sbiq/pVcrPTexVA6CNWbE1gtOwuQ/jI4tgOtLqhmKot:hK24Sb/H41lhmK

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1a64b13f0433b2d519d2da359b22fbac_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\1a64b13f0433b2d519d2da359b22fbac_JaffaCakes118.dll
      2⤵
        PID:4956
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 616
          3⤵
          • Program crash
          PID:3372
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 600
          3⤵
          • Program crash
          PID:4628
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4956 -ip 4956
      1⤵
        PID:1248
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4956 -ip 4956
        1⤵
          PID:1188
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:4792

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4956-0-0x0000000010023000-0x0000000010030000-memory.dmp
            Filesize

            52KB

            Download