3d3bbef1e3011c69c334918d623c6869e168ba65194ea42433b0b043f781d6cb

Analysis

max time kernel
90s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 21:25

Target

f45c30289b9706533f464d6c7fb61f65_JaffaCakes118.dll
Size

122KB
MD5

f45c30289b9706533f464d6c7fb61f65
SHA1

2e490f895f815c767f7265ebe12241fac0a190f8
SHA256

3d3bbef1e3011c69c334918d623c6869e168ba65194ea42433b0b043f781d6cb
SHA512

53c1cdcfe1acf19ef97034f1609c6d139ee2660c7b1ac7fe63b6ca41b1ae93adc3b4fa50e1d3560295f858a6e30c82497316786df2f8e6788b3ae6fcc2ccc0d9
SSDEEP

3072:gkpCccR4lXkSrf1cYGb9PTkxfpdqSEB6v6I0Wi:/rsaXdG7PTkdOB62B

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 4392	1408	regsvr32.exe	90
PID 1408 wrote to memory of 4392	1408	regsvr32.exe	90
PID 1408 wrote to memory of 4392	1408	regsvr32.exe	90

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f45c30289b9706533f464d6c7fb61f65_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f45c30289b9706533f464d6c7fb61f65_JaffaCakes118.dll
  2⤵
  PID:4392

memory/4392-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download