1f489fc6703dd57a5d322a920c98c60b0a9be1168147e3ab1f0db8fa2ba03dae

Analysis

max time kernel
132s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 02:16

Target

8917246255464c041babe1b821d2441a_JaffaCakes118.dll
Size

161KB
MD5

8917246255464c041babe1b821d2441a
SHA1

304f9514972fdc3106f0e95b5a7bbeac51eb1fde
SHA256

1f489fc6703dd57a5d322a920c98c60b0a9be1168147e3ab1f0db8fa2ba03dae
SHA512

9be13397919b74912670837c72c239ea04939f9366fddbdd4a27f1c9f75e0141fdd7c3e3c07baa9ec4824ca68411a2589d20a6beb7981d6498a2d5553232dd97
SSDEEP

3072:7yZq5YskO4qMeR6Xi38vWp3ZzYvlH6lf3FAz8MubyrO:7LYskDQAT+Yvla3M

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2384 wrote to memory of 1692	2384	regsvr32.exe	regsvr32.exe
PID 2384 wrote to memory of 1692	2384	regsvr32.exe	regsvr32.exe
PID 2384 wrote to memory of 1692	2384	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8917246255464c041babe1b821d2441a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\8917246255464c041babe1b821d2441a_JaffaCakes118.dll
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4372,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=1032 /prefetch:8
1⤵
PID:3284