e0db24db58099d67a8fa94106bfbe6dd6e7cfebdf8b36b6b29501af57595951f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 10:02

Target

2825a4cd736555805b84d2864fb64b04_JaffaCakes118.exe
Size

324KB
MD5

2825a4cd736555805b84d2864fb64b04
SHA1

9442b2e8d3ec08baa0f9a1033e0d38ca5f8c315a
SHA256

e0db24db58099d67a8fa94106bfbe6dd6e7cfebdf8b36b6b29501af57595951f
SHA512

4d820cba96428d9583c097f8dff11a49ceaf67f805b2da774685d01dc08e462053343b4ab86bd939d58ec98ada68865ed2fe9c2d9e7cc05be37962c19c26c8b4
SSDEEP

6144:r7KZNM1Qn6aD7wX+RgQb+mpMx3FUcxcVnWyWn4dpdfXmOcOR2DN+ecB2FkHIZ:r7uB646mpSScqVnXWn4dPtcOR2R+wFkq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1880	1884	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1884	2144	regsvr32.exe	28
PID 2144 wrote to memory of 1884	2144	regsvr32.exe	28
PID 2144 wrote to memory of 1884	2144	regsvr32.exe	28
PID 2144 wrote to memory of 1884	2144	regsvr32.exe	28
PID 2144 wrote to memory of 1884	2144	regsvr32.exe	28
PID 2144 wrote to memory of 1884	2144	regsvr32.exe	28
PID 2144 wrote to memory of 1884	2144	regsvr32.exe	28
PID 1884 wrote to memory of 1880	1884	regsvr32.exe	29
PID 1884 wrote to memory of 1880	1884	regsvr32.exe	29
PID 1884 wrote to memory of 1880	1884	regsvr32.exe	29
PID 1884 wrote to memory of 1880	1884	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2825a4cd736555805b84d2864fb64b04_JaffaCakes118.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2825a4cd736555805b84d2864fb64b04_JaffaCakes118.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 292
    3⤵
    - Program crash
    PID:1880