38bff3a57289b8a5305d5675e2c48195905588e738c2e7de4b3ee2725b6d52b8

Analysis

max time kernel
140s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 19:33

Target

0028ba4ed6fa12fdb1f554838167f763_JaffaCakes118.dll
Size

248KB
MD5

0028ba4ed6fa12fdb1f554838167f763
SHA1

691f168b83eb4e1be836abe06a4cf20544bc2cee
SHA256

38bff3a57289b8a5305d5675e2c48195905588e738c2e7de4b3ee2725b6d52b8
SHA512

e8a30260e7f71aa2247b52a91d48dfa9b2a689254119c774f23a7d3d7018a7cbc4846afbb57d3cf3d0b533838c5c10f755b4fd56cc9bda10bbc1d131d50c61f3
SSDEEP

1536:P50Km/LE8t50Km/LE8t50Km/LE8t50Km/LE8t50Km/LE8t50Km/LE8t50Km/LE8:zp8Zp8Zp8Zp8Zp8Zp8Zp8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 2240	3500	regsvr32.exe	82
PID 3500 wrote to memory of 2240	3500	regsvr32.exe	82
PID 3500 wrote to memory of 2240	3500	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0028ba4ed6fa12fdb1f554838167f763_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0028ba4ed6fa12fdb1f554838167f763_JaffaCakes118.dll
  2⤵
  PID:2240