e0db24db58099d67a8fa94106bfbe6dd6e7cfebdf8b36b6b29501af57595951f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 10:02

Target

2825a4cd736555805b84d2864fb64b04_JaffaCakes118.exe
Size

324KB
MD5

2825a4cd736555805b84d2864fb64b04
SHA1

9442b2e8d3ec08baa0f9a1033e0d38ca5f8c315a
SHA256

e0db24db58099d67a8fa94106bfbe6dd6e7cfebdf8b36b6b29501af57595951f
SHA512

4d820cba96428d9583c097f8dff11a49ceaf67f805b2da774685d01dc08e462053343b4ab86bd939d58ec98ada68865ed2fe9c2d9e7cc05be37962c19c26c8b4
SSDEEP

6144:r7KZNM1Qn6aD7wX+RgQb+mpMx3FUcxcVnWyWn4dpdfXmOcOR2DN+ecB2FkHIZ:r7uB646mpSScqVnXWn4dPtcOR2R+wFkq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3440	1324	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1324	2108	regsvr32.exe	82
PID 2108 wrote to memory of 1324	2108	regsvr32.exe	82
PID 2108 wrote to memory of 1324	2108	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2825a4cd736555805b84d2864fb64b04_JaffaCakes118.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2825a4cd736555805b84d2864fb64b04_JaffaCakes118.exe
  2⤵
  PID:1324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 608
    3⤵
    - Program crash
    PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1324 -ip 1324
1⤵
PID:2204