97c12283f1554e093c58435205daa6a93dcee453b9ab04435de0d09907e8660b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 21:51

Target

00b649ebeeb7e469f0dbb9a34b14e37d_JaffaCakes118.dll
Size

90KB
MD5

00b649ebeeb7e469f0dbb9a34b14e37d
SHA1

dc3ca9687b6019ca62d5610f244e61c9cb8c6b4f
SHA256

97c12283f1554e093c58435205daa6a93dcee453b9ab04435de0d09907e8660b
SHA512

cbeaab03d825bf1f93d2b6d207c99684217bfa6767666c736b8f3804f2a22e0f1a4cfad0966c5b51cbf267ff1b6a11b86eb9e516ca5d1af78d0deda4534b03db
SSDEEP

1536:2RmJVtML45cbDLcB4n/XefYGXtmCePuqrbtVwbSgr:XVtTCb0qfEjePuCkSgr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3068	3020	regsvr32.exe	28
PID 3020 wrote to memory of 3068	3020	regsvr32.exe	28
PID 3020 wrote to memory of 3068	3020	regsvr32.exe	28
PID 3020 wrote to memory of 3068	3020	regsvr32.exe	28
PID 3020 wrote to memory of 3068	3020	regsvr32.exe	28
PID 3020 wrote to memory of 3068	3020	regsvr32.exe	28
PID 3020 wrote to memory of 3068	3020	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\00b649ebeeb7e469f0dbb9a34b14e37d_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\00b649ebeeb7e469f0dbb9a34b14e37d_JaffaCakes118.dll
  2⤵
  PID:3068

memory/3068-0-0x00000000002F0000-0x0000000000334000-memory.dmp

Filesize
272KB

Download