59a0b084de9cf8e753309d44a0a92746b8aa6fa539ff0e57e16e1eff172befb5

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 19:53

Target

0038c70456c5ea32b774bd4b3faed2a3_JaffaCakes118.dll
Size

20KB
MD5

0038c70456c5ea32b774bd4b3faed2a3
SHA1

599794652505d0ede4d31a6bb21e73adc7d5cf00
SHA256

59a0b084de9cf8e753309d44a0a92746b8aa6fa539ff0e57e16e1eff172befb5
SHA512

89b39874838e187f73c365c77b3774ca4f233fa4df6545bb706e3bfd706f45273d3135adc1ba2c4b0fb43099cca51d9e5636e4bca0ff29c26b57742650408c58
SSDEEP

384:iWWTEcW0pY9scUYiYKza5Qdb0mwZfrGIsOiAgEFtF6jWLXaea76emX21fu4k/Zmp:paWsoiFza5M0mwhamDrvF6jIXja9V1NR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2360	2124	regsvr32.exe	28
PID 2124 wrote to memory of 2360	2124	regsvr32.exe	28
PID 2124 wrote to memory of 2360	2124	regsvr32.exe	28
PID 2124 wrote to memory of 2360	2124	regsvr32.exe	28
PID 2124 wrote to memory of 2360	2124	regsvr32.exe	28
PID 2124 wrote to memory of 2360	2124	regsvr32.exe	28
PID 2124 wrote to memory of 2360	2124	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0038c70456c5ea32b774bd4b3faed2a3_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0038c70456c5ea32b774bd4b3faed2a3_JaffaCakes118.dll
  2⤵
  PID:2360