7cf2c1bed93ff775e65766593a68c8ae35800a5f45d115ecfedc404bfcfe8ac8

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 18:40

Target

00026ecc347f3c85387e95be5e440845_JaffaCakes118.dll
Size

22KB
MD5

00026ecc347f3c85387e95be5e440845
SHA1

7c7645010bd56025750bc5264f20f7134409eb26
SHA256

7cf2c1bed93ff775e65766593a68c8ae35800a5f45d115ecfedc404bfcfe8ac8
SHA512

5d729aec4cd3d841865250f8c7f1ba500406f0c0d869959d614f21fea57e0699da4cc5b39b7e3a142b7ac4ba78ca5abab1831ad0aa29a50a996569581deca22a
SSDEEP

384:bWWTEcWFN5JrtlAg1hZsJz+fD1pf4xcgmuw0C8tm7N6TmUg9ex:Udtlz1HsJz+L1pFg3w05tSPQx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2008	2464	regsvr32.exe	28
PID 2464 wrote to memory of 2008	2464	regsvr32.exe	28
PID 2464 wrote to memory of 2008	2464	regsvr32.exe	28
PID 2464 wrote to memory of 2008	2464	regsvr32.exe	28
PID 2464 wrote to memory of 2008	2464	regsvr32.exe	28
PID 2464 wrote to memory of 2008	2464	regsvr32.exe	28
PID 2464 wrote to memory of 2008	2464	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\00026ecc347f3c85387e95be5e440845_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\00026ecc347f3c85387e95be5e440845_JaffaCakes118.dll
  2⤵
  PID:2008

memory/2008-0-0x00000000001D0000-0x00000000001F0000-memory.dmp

Filesize
128KB

Download