2d9b563c7588bee5501445e7a1624da8c3243e9e5f3871b6b2a30bf572c2c925

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 16:07

Target

faaa5601ec7ca180dfe511554a872293_JaffaCakes118.dll
Size

79KB
MD5

faaa5601ec7ca180dfe511554a872293
SHA1

07b8c1c9ccbf8f84ebe6e7ac244efe8712e13d08
SHA256

2d9b563c7588bee5501445e7a1624da8c3243e9e5f3871b6b2a30bf572c2c925
SHA512

999302fcc2f6baf7e2ef366e802c1530335f8228b0eb006f73402b4950e8e0fa2ef56c67114a56731fc2f36c1372e979c91566375cc6a8af53ea7c880e8c3376
SSDEEP

1536:lbDmi+0YduImNuB8CbtkRHwpb1TUcI5kVQGawQuD0tkArxMs8KaAmqnaQ:AKYsFNvCbtx7PcHgcRlX/naQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2604	1760	regsvr32.exe	28
PID 1760 wrote to memory of 2604	1760	regsvr32.exe	28
PID 1760 wrote to memory of 2604	1760	regsvr32.exe	28
PID 1760 wrote to memory of 2604	1760	regsvr32.exe	28
PID 1760 wrote to memory of 2604	1760	regsvr32.exe	28
PID 1760 wrote to memory of 2604	1760	regsvr32.exe	28
PID 1760 wrote to memory of 2604	1760	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\faaa5601ec7ca180dfe511554a872293_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\faaa5601ec7ca180dfe511554a872293_JaffaCakes118.dll
  2⤵
  PID:2604

memory/2604-0-0x00000000001A0000-0x00000000001DF000-memory.dmp

Filesize
252KB

Download