3eeba33e70510957b007e47a4262d28bf3a99f2a3db6db9280b06090f2357f62

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 16:51

Target

f3e750c6824d12258dadf4e1fb02f2ab_JaffaCakes118.dll
Size

23KB
MD5

f3e750c6824d12258dadf4e1fb02f2ab
SHA1

1376f51f5a090b72677031c495aac058c962f688
SHA256

3eeba33e70510957b007e47a4262d28bf3a99f2a3db6db9280b06090f2357f62
SHA512

bc0860fe783fd32eb6ae63e9c44d548f52268b6cc8f135160d816f55630e4cc83a7d19511a1ddff47e2b40e522747910ff5d90ed08b2b74effa52858a5bf6230
SSDEEP

384:P68TlmI+H0Y9bYjlr0Erx4v7DjNqcHn0zn0yYjmaU18frgXSuzsUk:TEI+rGlrDlEHNTKW0iDgXx4p

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2732	2300	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2300	2488	regsvr32.exe	28
PID 2488 wrote to memory of 2300	2488	regsvr32.exe	28
PID 2488 wrote to memory of 2300	2488	regsvr32.exe	28
PID 2488 wrote to memory of 2300	2488	regsvr32.exe	28
PID 2488 wrote to memory of 2300	2488	regsvr32.exe	28
PID 2488 wrote to memory of 2300	2488	regsvr32.exe	28
PID 2488 wrote to memory of 2300	2488	regsvr32.exe	28
PID 2300 wrote to memory of 2732	2300	regsvr32.exe	29
PID 2300 wrote to memory of 2732	2300	regsvr32.exe	29
PID 2300 wrote to memory of 2732	2300	regsvr32.exe	29
PID 2300 wrote to memory of 2732	2300	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f3e750c6824d12258dadf4e1fb02f2ab_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f3e750c6824d12258dadf4e1fb02f2ab_JaffaCakes118.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 304
    3⤵
    - Program crash
    PID:2732

memory/2300-0-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/2300-1-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download