30ea825944e51d0787c6909fa23e4154b0494a12cddc78af33cd1ef327dd43bd

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 01:41

Target

01c5318288d365ad150cb54e8a53f6fa_JaffaCakes118.dll
Size

217KB
MD5

01c5318288d365ad150cb54e8a53f6fa
SHA1

e5f4ed7c127ccbbc1b172670cdfc3bce866b45e7
SHA256

30ea825944e51d0787c6909fa23e4154b0494a12cddc78af33cd1ef327dd43bd
SHA512

2c1ccfc3f5e8a9cb6b3ece0ed3c24b5813a1ed463b2da40082b800e9456ccc5f51f2996e98322f1b800a709dd951045b6c9c609161def130310e26ec3a09125e
SSDEEP

3072:QGAwu8SGAwu8SGAwu8SGAwu8SGAwu8SGAwu8SGAwu8:NAgAgAgAgAgAgA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2384	2368	regsvr32.exe	28
PID 2368 wrote to memory of 2384	2368	regsvr32.exe	28
PID 2368 wrote to memory of 2384	2368	regsvr32.exe	28
PID 2368 wrote to memory of 2384	2368	regsvr32.exe	28
PID 2368 wrote to memory of 2384	2368	regsvr32.exe	28
PID 2368 wrote to memory of 2384	2368	regsvr32.exe	28
PID 2368 wrote to memory of 2384	2368	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01c5318288d365ad150cb54e8a53f6fa_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\01c5318288d365ad150cb54e8a53f6fa_JaffaCakes118.dll
  2⤵
  PID:2384

memory/2384-0-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download