6193ddb8d698c5eda1ac0bf0611a6a0f6e45171c8d3eb00c328cd8307f4a4c09

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 05:34

Target

03435bead88248aaa9488748910c253f_JaffaCakes118.dll
Size

57KB
MD5

03435bead88248aaa9488748910c253f
SHA1

06d717b127fd828d9db96007638269729327c9e4
SHA256

6193ddb8d698c5eda1ac0bf0611a6a0f6e45171c8d3eb00c328cd8307f4a4c09
SHA512

82a57a0e283eeecb359315089fa71f96a0c3b5d868a835b8532bcb5b8750cfbeaf3e8bcd701fd729d107bb71ae111d08f830e664bc410be730f269d23a3dadd1
SSDEEP

1536:PAq1mQqz+yyX1leWOfFyqNlMjgA7I9cyDEmQ3HLEw:tm3zUDepyOonI+yDEmQ3ww

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3704 wrote to memory of 4884	3704	regsvr32.exe	regsvr32.exe
PID 3704 wrote to memory of 4884	3704	regsvr32.exe	regsvr32.exe
PID 3704 wrote to memory of 4884	3704	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\03435bead88248aaa9488748910c253f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3704

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\03435bead88248aaa9488748910c253f_JaffaCakes118.dll
2⤵
PID:4884