9a168220f3adac2609438f399a417b54352b89346853b8c32cdd8beef753abda

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 09:04

Target

049039743714a8bfb9e82d03e888e055_JaffaCakes118.dll
Size

245KB
MD5

049039743714a8bfb9e82d03e888e055
SHA1

32f1b311f7fe6fc9e0c6cb56d9b7751ae3e8a2fd
SHA256

9a168220f3adac2609438f399a417b54352b89346853b8c32cdd8beef753abda
SHA512

6f09db558868cbfa76f2a8489bc8259a0507993485a750c6b5a5733ddd09b5fdba5fac261b1ebcd601fb7ba072bc5199bf09e38984eab53386034a7bff49e6bf
SSDEEP

3072:AaomidlGaomidlGaomidlGaomidlGaomidlGaomidlGaomidl:Ax/Sx/Sx/Sx/Sx/Sx/Sx/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 3508	3948	regsvr32.exe	83
PID 3948 wrote to memory of 3508	3948	regsvr32.exe	83
PID 3948 wrote to memory of 3508	3948	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\049039743714a8bfb9e82d03e888e055_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\049039743714a8bfb9e82d03e888e055_JaffaCakes118.dll
  2⤵
  PID:3508