368139b30be062da88ebc7fa09a9fa0c2fa084514332c9fc9a2ad957f564230a

Analysis

max time kernel
129s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 04:28

Target

77e683067bd79ae02f44c0f7d099c2bd_JaffaCakes118.dll
Size

68KB
MD5

77e683067bd79ae02f44c0f7d099c2bd
SHA1

ca55c6fc4d8bd64fd1d72c4b4eaeec288d766746
SHA256

368139b30be062da88ebc7fa09a9fa0c2fa084514332c9fc9a2ad957f564230a
SHA512

92d747e10a3abe3906f9a099b2cd88a76ae26474ad5fd2948f1ed166249b32733f1ede40cc48e162ba202df1de8d2b704695e116831f1ca1d375cb4775e9a036
SSDEEP

768:HQPC/bg1A4eM6FjsjnjmWfre0NSk+hLOaKFys0BFRTTAZ/37/pY5fG0iVf3rF:HQQ6gKnAzheys0rRYZ/Ta5fpiVjF

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC43AF26-60C3-4612-B58D-27A07A40E90B}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\77e683067bd79ae02f44c0f7d099c2bd_JaffaCakes118.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC43AF26-60C3-4612-B58D-27A07A40E90B}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC43AF26-60C3-4612-B58D-27A07A40E90B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC43AF26-60C3-4612-B58D-27A07A40E90B}\ = "SogouPY Text Service"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CC43AF26-60C3-4612-B58D-27A07A40E90B}\InProcServer32	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 4780	4356	regsvr32.exe	83
PID 4356 wrote to memory of 4780	4356	regsvr32.exe	83
PID 4356 wrote to memory of 4780	4356	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\77e683067bd79ae02f44c0f7d099c2bd_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\77e683067bd79ae02f44c0f7d099c2bd_JaffaCakes118.dll
  2⤵
  - Modifies registry class
  PID:4780