a81a424539a92a2a2f6cc6387d05c61a5560ff3579803b5f6bb09db0759258eb

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 00:41

Target

621741eaea7dd0d8e01f9230f371a052_JaffaCakes118.exe
Size

67KB
MD5

621741eaea7dd0d8e01f9230f371a052
SHA1

02c46da05368b27fab2bb808ef9841787d39176a
SHA256

a81a424539a92a2a2f6cc6387d05c61a5560ff3579803b5f6bb09db0759258eb
SHA512

cffd333a550ecffa288df8e6a49d6b890963ebf8d2e943d01430525ac681c52f1a9da26ba2b169c99cda09e0a19632db8242e0a388ff53ced2390d6b1a7f1adf
SSDEEP

1536:t08THjNzgGXcwi+6ARBGTH+HKQNYBgShWpD+:t08THxzgGswDdRBGTHK0gSYpD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1984	2012	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2012	2564	regsvr32.exe	30
PID 2564 wrote to memory of 2012	2564	regsvr32.exe	30
PID 2564 wrote to memory of 2012	2564	regsvr32.exe	30
PID 2564 wrote to memory of 2012	2564	regsvr32.exe	30
PID 2564 wrote to memory of 2012	2564	regsvr32.exe	30
PID 2564 wrote to memory of 2012	2564	regsvr32.exe	30
PID 2564 wrote to memory of 2012	2564	regsvr32.exe	30
PID 2012 wrote to memory of 1984	2012	regsvr32.exe	31
PID 2012 wrote to memory of 1984	2012	regsvr32.exe	31
PID 2012 wrote to memory of 1984	2012	regsvr32.exe	31
PID 2012 wrote to memory of 1984	2012	regsvr32.exe	31

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\621741eaea7dd0d8e01f9230f371a052_JaffaCakes118.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\621741eaea7dd0d8e01f9230f371a052_JaffaCakes118.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 292
    3⤵
    - Program crash
    PID:1984