58e2e652ed7a83b5c2b04d00a937877c1d810f9fe34699f5741f7d2340bdaef4

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 21:25

Target

0091e4d9a1abefdeb2afbd8b0b5d97e6_JaffaCakes118.dll
Size

624KB
MD5

0091e4d9a1abefdeb2afbd8b0b5d97e6
SHA1

b54e0a83aa6cf9f428476d1d7e95e8d52631c8d4
SHA256

58e2e652ed7a83b5c2b04d00a937877c1d810f9fe34699f5741f7d2340bdaef4
SHA512

260a1f9dd9575f0cc72bd62eefc4884801cd5c64ea1f0c2f2d662d9cb2c321ad79bd1f21e67b30c40b3701e5f7c27b21761e64041f188442db2f50c901a15426
SSDEEP

12288:QhE5x7eVymanr9jJtZN7ytZopEDfXKtopn7Bx5:9ekjJJ7ytepEDaS3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2828	2732	regsvr32.exe	28
PID 2732 wrote to memory of 2828	2732	regsvr32.exe	28
PID 2732 wrote to memory of 2828	2732	regsvr32.exe	28
PID 2732 wrote to memory of 2828	2732	regsvr32.exe	28
PID 2732 wrote to memory of 2828	2732	regsvr32.exe	28
PID 2732 wrote to memory of 2828	2732	regsvr32.exe	28
PID 2732 wrote to memory of 2828	2732	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0091e4d9a1abefdeb2afbd8b0b5d97e6_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0091e4d9a1abefdeb2afbd8b0b5d97e6_JaffaCakes118.dll
  2⤵
  PID:2828