6d7e85c59dca98d7944a8027dbfea2ae3d0254f754c374b808d8650ef415434f

Analysis

max time kernel
135s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 07:58

Target

0431a9ae00bac5fb27ff5e79016cfcf8_JaffaCakes118.dll
Size

640KB
MD5

0431a9ae00bac5fb27ff5e79016cfcf8
SHA1

4b1f354116b5adfa536c014d322d47a70c6f6bae
SHA256

6d7e85c59dca98d7944a8027dbfea2ae3d0254f754c374b808d8650ef415434f
SHA512

99c39b5f931adef6149eeb61bd94688b6a78417ca7b742592fb417680bfaaa3fd4b166eb11026237516b78c326cea50de4019890dedb18e7bcfb26af1990cb85
SSDEEP

12288:mAhE5lZgC/AAEMmNxXKZosEDfXKtoJiEn7B+Z7zdog1R/3ZmNP:mjmHKesEDaSMH7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4892	3696	regsvr32.exe	82
PID 3696 wrote to memory of 4892	3696	regsvr32.exe	82
PID 3696 wrote to memory of 4892	3696	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0431a9ae00bac5fb27ff5e79016cfcf8_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0431a9ae00bac5fb27ff5e79016cfcf8_JaffaCakes118.dll
  2⤵
  PID:4892