59ad3eebd511a0e32ef2eb49b7dbf6778ca72b8dbb20ff6d7be52ca0dfec7860

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 11:12

Target

f35e9cd43f3d1112060f64f1a40345e5_JaffaCakes118.dll
Size

664KB
MD5

f35e9cd43f3d1112060f64f1a40345e5
SHA1

8680a76e16d7829430f728c8ecbef0f23e6f6700
SHA256

59ad3eebd511a0e32ef2eb49b7dbf6778ca72b8dbb20ff6d7be52ca0dfec7860
SHA512

67d14019707d9c45d7b39c5e3cdf68433b8441cb21fd59b81c2bbc40989cad2163b1f87d21c0389e1fdbf01ad32c411bafa72cfd4dc79baf427ef2b02af09c5b
SSDEEP

12288:2si5g4y9f2QPRmxiDozjLst4kY/P5+YuaVaYlIALrDbzeZ5ea4HME:2mxFT4jP5+titlJrDWx4R

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 664 wrote to memory of 980	664	regsvr32.exe	83
PID 664 wrote to memory of 980	664	regsvr32.exe	83
PID 664 wrote to memory of 980	664	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f35e9cd43f3d1112060f64f1a40345e5_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:664
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f35e9cd43f3d1112060f64f1a40345e5_JaffaCakes118.dll
  2⤵
  PID:980