064bc075f39a05ba7315897f32b7f0e9e14ef0643969dd28b0afdf3f66cdd1d7

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 14:29

Target

921d57ef33debdce639d0cd990777cbc_JaffaCakes118.dll
Size

368KB
MD5

921d57ef33debdce639d0cd990777cbc
SHA1

99a016f6350c0b6f7bfd09a1c909f41ba349b561
SHA256

064bc075f39a05ba7315897f32b7f0e9e14ef0643969dd28b0afdf3f66cdd1d7
SHA512

b9c317076387595b9af28090bfdf70617f8e5e19d7936f79656d7cc2bd24b06914490b9afe5c8794923b3ff988add7fdbfb759bf72d714e853d9ddc39714ffd5
SSDEEP

6144:4Y9zU59C+DLjoDb3WAa+ESqU97nBY3C/qQh97HQAP3F/YP:r1U3CU2740dMCiWUAPFQP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2264	1824	regsvr32.exe	28
PID 1824 wrote to memory of 2264	1824	regsvr32.exe	28
PID 1824 wrote to memory of 2264	1824	regsvr32.exe	28
PID 1824 wrote to memory of 2264	1824	regsvr32.exe	28
PID 1824 wrote to memory of 2264	1824	regsvr32.exe	28
PID 1824 wrote to memory of 2264	1824	regsvr32.exe	28
PID 1824 wrote to memory of 2264	1824	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\921d57ef33debdce639d0cd990777cbc_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\921d57ef33debdce639d0cd990777cbc_JaffaCakes118.dll
  2⤵
  PID:2264

memory/2264-0-0x00000000001D0000-0x0000000000206000-memory.dmp

Filesize
216KB

Download