97ea74f8e5586c086858bba59e502c03d0dba8fd314cee2b3700945e5ddc95cf

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 04:55

Target

18d962284af9db04620133a1636f3666_JaffaCakes118.exe
Size

320KB
MD5

18d962284af9db04620133a1636f3666
SHA1

5ff6d1af43d8cd465f2f4c320a59921635f85413
SHA256

97ea74f8e5586c086858bba59e502c03d0dba8fd314cee2b3700945e5ddc95cf
SHA512

76ac3070842559c52f2e13fa6078f41c348b95fd432f11bfe823e404f16ec54d0f2c5a67e11927a305dd21879dd559ebd0132c9690df4388a7ecb78ab7965c1e
SSDEEP

6144:iQ/5HfngD156kU/FAshDKVTpclhKfIe5OhwwJZ0BbVmXpz/AV:bHopW/FVhDKFSlhNlww+bGz/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
360	4724	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4724	1432	regsvr32.exe	82
PID 1432 wrote to memory of 4724	1432	regsvr32.exe	82
PID 1432 wrote to memory of 4724	1432	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\18d962284af9db04620133a1636f3666_JaffaCakes118.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\18d962284af9db04620133a1636f3666_JaffaCakes118.exe
  2⤵
  PID:4724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 600
    3⤵
    - Program crash
    PID:360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4724 -ip 4724
1⤵
PID:3348