8344150b11387fc597bfceff181d0484f45aa677872884a5428f3a8c5d4df112

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 08:48

Target

e99b732f7d20fa2344b712b1a1ed37c2_JaffaCakes118.dll
Size

117KB
MD5

e99b732f7d20fa2344b712b1a1ed37c2
SHA1

d6e93eca86de6be0594f34a9abb26fab94347d59
SHA256

8344150b11387fc597bfceff181d0484f45aa677872884a5428f3a8c5d4df112
SHA512

d25b07747c7ffd570493e93baf5fea5baee856b22b37f9e36836700719bc720babf692c0a73deddaf5068774bab6b3e8157a9912674bb05bf0cab510500a77e5
SSDEEP

3072:2C98l8VutkQPFyQQz70DXdbHv87+jT7/EAb:B+leuyQPFQz7CP87+/DE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1348	2156	regsvr32.exe	28
PID 2156 wrote to memory of 1348	2156	regsvr32.exe	28
PID 2156 wrote to memory of 1348	2156	regsvr32.exe	28
PID 2156 wrote to memory of 1348	2156	regsvr32.exe	28
PID 2156 wrote to memory of 1348	2156	regsvr32.exe	28
PID 2156 wrote to memory of 1348	2156	regsvr32.exe	28
PID 2156 wrote to memory of 1348	2156	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e99b732f7d20fa2344b712b1a1ed37c2_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e99b732f7d20fa2344b712b1a1ed37c2_JaffaCakes118.dll
  2⤵
  PID:1348

memory/1348-0-0x0000000000110000-0x0000000000160000-memory.dmp

Filesize
320KB

Download