8e8269348e4bb7c8083b47cd8e9b5cb50b80c63194da90cb0ece678ace77aed2

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 23:40

Target

f901f4f5bb400d6b1af62656473c0114_JaffaCakes118.dll
Size

126KB
MD5

f901f4f5bb400d6b1af62656473c0114
SHA1

bc58aba5142e02396901f21cc6fc7c01d4a7b007
SHA256

8e8269348e4bb7c8083b47cd8e9b5cb50b80c63194da90cb0ece678ace77aed2
SHA512

72aa2bca8ce43ded56346d2e8370d357d99b7a70d766e81db2db4ef7af375132d9d2db6e72ae46824c02aad86dee333f0955a601e750891eb8d3a2db838c5019
SSDEEP

3072:z7cbY4cniVEulIdHVz7EDkXV8kWPlkW6n/pBoJpD:ncbY4cnaENF7Eq8BPl6/pBUpD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3716	4736	regsvr32.exe	85
PID 4736 wrote to memory of 3716	4736	regsvr32.exe	85
PID 4736 wrote to memory of 3716	4736	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f901f4f5bb400d6b1af62656473c0114_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f901f4f5bb400d6b1af62656473c0114_JaffaCakes118.dll
  2⤵
  PID:3716

memory/3716-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download