0026bbf5bbf93d161bdc03b584ab20b2d16a2f84a003b89a0558961c1a296108

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:13

Target

6969367b18a6e690057598d9f7aa6138_JaffaCakes118.dll
Size

54KB
MD5

6969367b18a6e690057598d9f7aa6138
SHA1

6e9f28cfb0759e7a923eeda06836458ddc71bd4e
SHA256

0026bbf5bbf93d161bdc03b584ab20b2d16a2f84a003b89a0558961c1a296108
SHA512

990e3b26293cace79050fc98391434b1f9d41d20f00e8a9df979c5f4f4639dd46f5b21593973f27563a8650615e2ee5ad1a5f2baae67a159e51eb4d22e956013
SSDEEP

768:2I0SNlaD8AumlnTfh7MBphEpiC8QP/mttkhatw0Pt8UH6hlSbtk/2jzw2IRz8nUq:1SD8wDh7MBphf2cE0PHa/JxVC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3164 wrote to memory of 4460	3164	regsvr32.exe	regsvr32.exe
PID 3164 wrote to memory of 4460	3164	regsvr32.exe	regsvr32.exe
PID 3164 wrote to memory of 4460	3164	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6969367b18a6e690057598d9f7aa6138_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3164

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\6969367b18a6e690057598d9f7aa6138_JaffaCakes118.dll
2⤵
PID:4460

memory/4460-0-0x0000000065C40000-0x0000000065C64000-memory.dmp

Filesize
144KB

Download