92170cb9174118b0a4b1de36d35da5ef2e313ad4a67dac7e6dc3e254813f88c0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 12:20

Target

05ef3c1d360c86a9243b72af5106fde6_JaffaCakes118.dll
Size

89KB
MD5

05ef3c1d360c86a9243b72af5106fde6
SHA1

dffb010027b35094e68e2bbd2cd97387f41c2ecd
SHA256

92170cb9174118b0a4b1de36d35da5ef2e313ad4a67dac7e6dc3e254813f88c0
SHA512

ac9dc740a22e22eb6c9ed4f9e8017d6734dc273f69f1a5a8154feed0fa91727bc2a0aa026e10b1028122e4fd3ec36c4c2e8b3b8a6a555c1428e9658c7e9ca0d5
SSDEEP

1536:z2Wzq/W5xgp67akOIXG8Lei2/ct6jwOJSp3WD85G1hM0XsjyNlWdhxQxDbjvli2n:r0/0OcBpzU/M4Cquy/joOf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1592	2820	regsvr32.exe	28
PID 2820 wrote to memory of 1592	2820	regsvr32.exe	28
PID 2820 wrote to memory of 1592	2820	regsvr32.exe	28
PID 2820 wrote to memory of 1592	2820	regsvr32.exe	28
PID 2820 wrote to memory of 1592	2820	regsvr32.exe	28
PID 2820 wrote to memory of 1592	2820	regsvr32.exe	28
PID 2820 wrote to memory of 1592	2820	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\05ef3c1d360c86a9243b72af5106fde6_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\05ef3c1d360c86a9243b72af5106fde6_JaffaCakes118.dll
  2⤵
  PID:1592

memory/1592-0-0x0000000000210000-0x0000000000253000-memory.dmp

Filesize
268KB

Download