38e6b4702028ed3ca58db2643659c9359b1b98dc48fc13bf4755dc27a876e95b

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 04:02

Target

02a6a6b616d1c76e45c400e5996c0d9c_JaffaCakes118.dll
Size

35KB
MD5

02a6a6b616d1c76e45c400e5996c0d9c
SHA1

4d16d6ab56dcea51be4cdf50648d3584f94a54c3
SHA256

38e6b4702028ed3ca58db2643659c9359b1b98dc48fc13bf4755dc27a876e95b
SHA512

905134f3a73c9b7c70031b7c2edaf3f94568f3a890350cf0a5102ce57e6769e66464e91e5b394d124e2ec8c279f010d05998becebf7ad0441d4f1dcc5bd099bc
SSDEEP

768:l3I/QHXsSJDOf8vgRZqRY5dACQK6kGwom:eo3nJDFwZqRY5dK9m

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2096	1052	regsvr32.exe	28
PID 1052 wrote to memory of 2096	1052	regsvr32.exe	28
PID 1052 wrote to memory of 2096	1052	regsvr32.exe	28
PID 1052 wrote to memory of 2096	1052	regsvr32.exe	28
PID 1052 wrote to memory of 2096	1052	regsvr32.exe	28
PID 1052 wrote to memory of 2096	1052	regsvr32.exe	28
PID 1052 wrote to memory of 2096	1052	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\02a6a6b616d1c76e45c400e5996c0d9c_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\02a6a6b616d1c76e45c400e5996c0d9c_JaffaCakes118.dll
  2⤵
  PID:2096

memory/2096-0-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download