e5b6877976916efeeab43d866804628b064ae65256518669343abdf93e8f68e8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 04:20

Target

02c2d7053605e7dc2f78063b29c9df7c_JaffaCakes118.dll
Size

82KB
MD5

02c2d7053605e7dc2f78063b29c9df7c
SHA1

cac7568e0710b0d6db40268819c91fee44821abd
SHA256

e5b6877976916efeeab43d866804628b064ae65256518669343abdf93e8f68e8
SHA512

19fee2a7e1a7e4b3abebf6604749721cce48124a8d84ece0ed9d139893302d3b1b3eec2b403c8ebaf20efd3fec7b5603254119b0447ec4e147b761b2db025800
SSDEEP

1536:cydBGkdg0dr/msryn0jxMjDn66JqJVFDXzICkUHXWDQ8jYwpTgWpjXHx:9ikdisryn0OqJvZjXWzPMyh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2096	2060	regsvr32.exe	28
PID 2060 wrote to memory of 2096	2060	regsvr32.exe	28
PID 2060 wrote to memory of 2096	2060	regsvr32.exe	28
PID 2060 wrote to memory of 2096	2060	regsvr32.exe	28
PID 2060 wrote to memory of 2096	2060	regsvr32.exe	28
PID 2060 wrote to memory of 2096	2060	regsvr32.exe	28
PID 2060 wrote to memory of 2096	2060	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\02c2d7053605e7dc2f78063b29c9df7c_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\02c2d7053605e7dc2f78063b29c9df7c_JaffaCakes118.dll
  2⤵
  PID:2096

memory/2096-0-0x0000000000200000-0x000000000023E000-memory.dmp

Filesize
248KB

Download