matanbuchus | 49284eb85d58dbe31d8da683a85a0a09eae81d438f2ec23524ef775018e31aa3

Analysis

max time kernel
149s
max time network
137s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 18:10

Target

f87f4fdefab5ae7d4c852b2e4c125b5a_JaffaCakes118.dll
Size

570KB
MD5

f87f4fdefab5ae7d4c852b2e4c125b5a
SHA1

4c38b775024c4b7f20a082a6ade3c583f046285f
SHA256

49284eb85d58dbe31d8da683a85a0a09eae81d438f2ec23524ef775018e31aa3
SHA512

5f0d6439607666a493c40cc00536808c5d726b25b72b9272771438d3d94b4ab41a9b4a96e45a37d55788eec8c17ebb63caa35075422bdfe1d8a3697fea0785ec
SSDEEP

12288:TQJkUW20CjBwC0PSDdSLxQgOUtdByJxcU5InnykeyCgw:kJnf0CiC0Cd+6vwQL

Score

10^/10

Family

matanbuchus

http://45.93.201.209/update/31359/8108.svg

http://45.93.201.209/update/85943897/xpth8.xml

Matanbuchus
A loader sold as MaaS first seen in February 2021.
loader matanbuchus

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2360 wrote to memory of 2164	2360	regsvr32.exe	regsvr32.exe
PID 2360 wrote to memory of 2164	2360	regsvr32.exe	regsvr32.exe
PID 2360 wrote to memory of 2164	2360	regsvr32.exe	regsvr32.exe
PID 2360 wrote to memory of 2164	2360	regsvr32.exe	regsvr32.exe
PID 2360 wrote to memory of 2164	2360	regsvr32.exe	regsvr32.exe
PID 2360 wrote to memory of 2164	2360	regsvr32.exe	regsvr32.exe
PID 2360 wrote to memory of 2164	2360	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f87f4fdefab5ae7d4c852b2e4c125b5a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f87f4fdefab5ae7d4c852b2e4c125b5a_JaffaCakes118.dll
  2⤵
  PID:2164

memory/2164-0-0x0000000010000000-0x00000000100DA000-memory.dmp

Filesize
872KB

Download
memory/2164-1-0x0000000010000000-0x00000000100DA000-memory.dmp

Filesize
872KB

Download
memory/2164-2-0x0000000010000000-0x00000000100DA000-memory.dmp

Filesize
872KB

Download
memory/2164-3-0x0000000010000000-0x00000000100DA000-memory.dmp

Filesize
872KB

Download
memory/2164-11-0x0000000010000000-0x00000000100DA000-memory.dmp

Filesize
872KB

Download
memory/2164-15-0x0000000010000000-0x00000000100DA000-memory.dmp

Filesize
872KB

Download