571dab4bc3203e9c545a0f2dfdd8984dcf0580f2d4259094d599f90d00457b85

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 16:15

Target

07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118.dll
Size

330KB
MD5

07a5ccf44af5ef1d336a83c4899d0c7e
SHA1

8d4215fb987c3faf61991d283125c1a86c705ac2
SHA256

571dab4bc3203e9c545a0f2dfdd8984dcf0580f2d4259094d599f90d00457b85
SHA512

1cf5fa1ce8feed9198c6eab66872a196b6b3dd4e328cac761ec8a78dd0e68b22a62c264ce2545c5363efa162eef204d05794c1b13dfb42b8b57c13207fb5eda9
SSDEEP

6144:7rf6NxyZZ5cw+omyZs2MO7chmSkLFd2hhWtCnMj+g:7ryN8T5c1wtMOQmNd2fWtWg

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	regsvr32.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}\InProcServer32	regsvr32.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 2232	376	regsvr32.exe	28
PID 376 wrote to memory of 2232	376	regsvr32.exe	28
PID 376 wrote to memory of 2232	376	regsvr32.exe	28
PID 376 wrote to memory of 2232	376	regsvr32.exe	28
PID 376 wrote to memory of 2232	376	regsvr32.exe	28
PID 376 wrote to memory of 2232	376	regsvr32.exe	28
PID 376 wrote to memory of 2232	376	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:376
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118.dll
  2⤵
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:2232