571dab4bc3203e9c545a0f2dfdd8984dcf0580f2d4259094d599f90d00457b85

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 16:15

Target

07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118.dll
Size

330KB
MD5

07a5ccf44af5ef1d336a83c4899d0c7e
SHA1

8d4215fb987c3faf61991d283125c1a86c705ac2
SHA256

571dab4bc3203e9c545a0f2dfdd8984dcf0580f2d4259094d599f90d00457b85
SHA512

1cf5fa1ce8feed9198c6eab66872a196b6b3dd4e328cac761ec8a78dd0e68b22a62c264ce2545c5363efa162eef204d05794c1b13dfb42b8b57c13207fb5eda9
SSDEEP

6144:7rf6NxyZZ5cw+omyZs2MO7chmSkLFd2hhWtCnMj+g:7ryN8T5c1wtMOQmNd2fWtWg

Score

1^/10

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}\InProcServer32	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2912	2292	regsvr32.exe	83
PID 2292 wrote to memory of 2912	2292	regsvr32.exe	83
PID 2292 wrote to memory of 2912	2292	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118.dll
  2⤵
  - Modifies registry class
  PID:2912

C:\Users\Admin\AppData\Local\Temp\RGI5062.tmp

Filesize
1KB

MD5
c863b539c3068512e229dafc1942bb63

SHA1
7d5375a122a0dff6cf20427741b084e215488ec1

SHA256
1ab60cfc0a8e5fec4c03149cb9c45b1abb1ff0ca950e4e40bc14e9e36fc59824

SHA512
2d0138acf24c14dbf3aeb944025cbe174564a68694dcdd960b8b150993fb7142c45babed4d429a8ad45297448a3474d3edc99c4a2c2756f375442e2eba3a2057

Download Submit