b5cd7c03361a86d4eb293e8189f0b10b6275851fafe5c054240bb4d54ff1244e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 01:25

Target

01b206834dcb02197954e84c9bf52c75_JaffaCakes118.dll
Size

31KB
MD5

01b206834dcb02197954e84c9bf52c75
SHA1

82a074af673491adde22d60b467de09a9f3b57ad
SHA256

b5cd7c03361a86d4eb293e8189f0b10b6275851fafe5c054240bb4d54ff1244e
SHA512

69e54a3aa991d7af96263d0b4b6c1a12d9d1fedab74a0bccce90d45b3a8d3fedcffe1a0ed039e86cafd042dd787f38def33e4c9d9a9dfb355229b6b72344f141
SSDEEP

384:SRNNe06t9hc6ifclTH3wc9MYJcVMSOs/mZuu2vGGXM936Fwovt638WIHuaO5:YeP9hPMqcVMSOkSw5Xa+Ww58

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2040	2204	regsvr32.exe	28
PID 2204 wrote to memory of 2040	2204	regsvr32.exe	28
PID 2204 wrote to memory of 2040	2204	regsvr32.exe	28
PID 2204 wrote to memory of 2040	2204	regsvr32.exe	28
PID 2204 wrote to memory of 2040	2204	regsvr32.exe	28
PID 2204 wrote to memory of 2040	2204	regsvr32.exe	28
PID 2204 wrote to memory of 2040	2204	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01b206834dcb02197954e84c9bf52c75_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\01b206834dcb02197954e84c9bf52c75_JaffaCakes118.dll
  2⤵
  PID:2040

memory/2040-0-0x00000000000C0000-0x00000000000CD000-memory.dmp

Filesize
52KB

Download