0c798b5660a58ed221faf4f3aa3b0b9004f7bd0cf435dc7ca7a0c665b96dbeb3

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 15:10

Target

876fecb5c2c799171038148a232e50b2_JaffaCakes118.dll
Size

327KB
MD5

876fecb5c2c799171038148a232e50b2
SHA1

adff870256f80f92dcec391d6fcededce8a393ad
SHA256

0c798b5660a58ed221faf4f3aa3b0b9004f7bd0cf435dc7ca7a0c665b96dbeb3
SHA512

9c1ddaeef37e96dc5c649aa81dbad843dbc2e7c0c49428f30b9b54128456399752e1923ae74cbe5010e45616438e6afa4d5eb2abcd5a6549ea0d1bf4f70b1670
SSDEEP

6144:SBUOk0WuV6iyGS8YeSD0Ntt+R1Rzeb3eCLLXPADOZooeVLC:SyOk0WylyGSreSDAtUNC3Gox

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2228	1756	regsvr32.exe	28
PID 1756 wrote to memory of 2228	1756	regsvr32.exe	28
PID 1756 wrote to memory of 2228	1756	regsvr32.exe	28
PID 1756 wrote to memory of 2228	1756	regsvr32.exe	28
PID 1756 wrote to memory of 2228	1756	regsvr32.exe	28
PID 1756 wrote to memory of 2228	1756	regsvr32.exe	28
PID 1756 wrote to memory of 2228	1756	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\876fecb5c2c799171038148a232e50b2_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\876fecb5c2c799171038148a232e50b2_JaffaCakes118.dll
  2⤵
  PID:2228