42876bac2ac5e62aa0c89bfa1ebca435cf98364f6c366ab73cbca77d9f9135eb

Analysis

max time kernel
92s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 21:47

Target

e87df566e7cdb2bc0f4071b97154cb6e_JaffaCakes118.dll
Size

241KB
MD5

e87df566e7cdb2bc0f4071b97154cb6e
SHA1

0b6f5109b7aa9b49578a7f3f85dcf01986c9b68c
SHA256

42876bac2ac5e62aa0c89bfa1ebca435cf98364f6c366ab73cbca77d9f9135eb
SHA512

b26fb2f411f59dc0a92a71079692a924cd780d6173aefad73a0fca2d41fff5be45fa5e0c9cb24a1cf9f20cfac7216ab4472eb338b852d5358736a0b15bd8db87
SSDEEP

3072:m08E/OXkvAcIuWlYO1aEK1mo/U1BinpvGBQ8uSyr+kBy+st1y+styy+:tukvAcIg/jU1apv01sDBy+st1y+styy+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 644	2420	regsvr32.exe	85
PID 2420 wrote to memory of 644	2420	regsvr32.exe	85
PID 2420 wrote to memory of 644	2420	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e87df566e7cdb2bc0f4071b97154cb6e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e87df566e7cdb2bc0f4071b97154cb6e_JaffaCakes118.dll
  2⤵
  PID:644