0569c4fc41dff99a96de7d9e7d0007d457e2fca2e56c4cfe72d66ac24b7cdf7e

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 20:55

Target

e86694985a9ac33bc97f9a48b7a84362_JaffaCakes118.dll
Size

32KB
MD5

e86694985a9ac33bc97f9a48b7a84362
SHA1

98263421bf9c9e4ee41b5c89a5122d1f15415bc9
SHA256

0569c4fc41dff99a96de7d9e7d0007d457e2fca2e56c4cfe72d66ac24b7cdf7e
SHA512

8d30748e3900b4e260ff59907cc273c4ca70cf2cf1992a7567cb73bffe98f5e2782fd0cc46930446c378ef70c9f54c26dbd2cc1da8717675a0edc985882e8d9f
SSDEEP

768:x+ThI7GunwKDaAwv37d/6H7FZ6v70C3xYswZL1B:x2hWnwKDKvxiZ6vowUz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 4428	1292	regsvr32.exe	92
PID 1292 wrote to memory of 4428	1292	regsvr32.exe	92
PID 1292 wrote to memory of 4428	1292	regsvr32.exe	92

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e86694985a9ac33bc97f9a48b7a84362_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e86694985a9ac33bc97f9a48b7a84362_JaffaCakes118.dll
  2⤵
  PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:4612

memory/4428-0-0x00000000004C0000-0x00000000004CD000-memory.dmp

Filesize
52KB

Download