bf08431df4c5d87543700537a0cf0d0f52429d5a55fbc307677bf8dbb82a30c0

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 21:13

Target

0085b8eb08126f0acd1e3a12b579e28d_JaffaCakes118.dll
Size

132KB
MD5

0085b8eb08126f0acd1e3a12b579e28d
SHA1

ca75caf4c4ef1641668c64565e0c7805832fff1d
SHA256

bf08431df4c5d87543700537a0cf0d0f52429d5a55fbc307677bf8dbb82a30c0
SHA512

930c0671af87bbed9e50642e4e9e61d004307621f1657356cd53c0d9afde17858dc0eafd4fe25c069601d3372a7515cbbc271aa07a1650084421ca22ebc5b985
SSDEEP

1536:ecNzMUageGNicv4UnttT+z8kdPq8mFzaICS4A20hhonRxk+JhQApLajg5NT:vNzTaJ1vYUvy8EzZ00hCnRxrJhQdjg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 4392	2824	regsvr32.exe	83
PID 2824 wrote to memory of 4392	2824	regsvr32.exe	83
PID 2824 wrote to memory of 4392	2824	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0085b8eb08126f0acd1e3a12b579e28d_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0085b8eb08126f0acd1e3a12b579e28d_JaffaCakes118.dll
  2⤵
  PID:4392