7070e7211df054ae41ec3e9653fedee851bde9afd96422db7968f085a76fd570

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 15:22

Target

30e99024d9cc9044213e0a3647afe8b6_JaffaCakes118.dll
Size

586KB
MD5

30e99024d9cc9044213e0a3647afe8b6
SHA1

48da0ff522c7f589591bc2fa9506809792a0519f
SHA256

7070e7211df054ae41ec3e9653fedee851bde9afd96422db7968f085a76fd570
SHA512

0fe0213e3a2961062d1bfe2e349c9d700b615b4a7fd0ab65a732294a515ae551e543c6bd8766a3535bcdca038591c477e1bacd1280f860e700640ed287695108
SSDEEP

12288:7efY5e3E9Tr2uhbtK+7uBmhZG3OmWse/2iUHoQ0Lj8A:7efYCObtKEuBj3OEdiRQO8A

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2432	2892	WerFault.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2892	2052	regsvr32.exe	30
PID 2052 wrote to memory of 2892	2052	regsvr32.exe	30
PID 2052 wrote to memory of 2892	2052	regsvr32.exe	30
PID 2052 wrote to memory of 2892	2052	regsvr32.exe	30
PID 2052 wrote to memory of 2892	2052	regsvr32.exe	30
PID 2052 wrote to memory of 2892	2052	regsvr32.exe	30
PID 2052 wrote to memory of 2892	2052	regsvr32.exe	30
PID 2892 wrote to memory of 2432	2892	regsvr32.exe	31
PID 2892 wrote to memory of 2432	2892	regsvr32.exe	31
PID 2892 wrote to memory of 2432	2892	regsvr32.exe	31
PID 2892 wrote to memory of 2432	2892	regsvr32.exe	31

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\30e99024d9cc9044213e0a3647afe8b6_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\30e99024d9cc9044213e0a3647afe8b6_JaffaCakes118.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 296
    3⤵
    - Program crash
    PID:2432