447173fbb17a0d53eb4326bedc54d59fa047000fb83e818471e46cc8bfa12a62

Analysis

max time kernel
136s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 16:57

Target

07fc68b0e7fd4fd97b96d4e6862b07b1_JaffaCakes118.dll
Size

144KB
MD5

07fc68b0e7fd4fd97b96d4e6862b07b1
SHA1

5ff86ed7e52ff3fb49fe162b778be7edf3708978
SHA256

447173fbb17a0d53eb4326bedc54d59fa047000fb83e818471e46cc8bfa12a62
SHA512

5fe7a58094f6606476be88d22519a437b0306acdbfabb3af227bf6b8c35c58bd67e8cda978c2623f4d563f3949f3823ccc946359e0b0a69ab2168e90ff197e51
SSDEEP

3072:Zc2i2+U0hfD3xVkONgpoySELW3WkIxKtAbQMoC8koH7IwJyCdm:veUGf9inL1RKqbQMo7kw9P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2040	2156	regsvr32.exe	90
PID 2156 wrote to memory of 2040	2156	regsvr32.exe	90
PID 2156 wrote to memory of 2040	2156	regsvr32.exe	90

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\07fc68b0e7fd4fd97b96d4e6862b07b1_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\07fc68b0e7fd4fd97b96d4e6862b07b1_JaffaCakes118.dll
  2⤵
  PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2900,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2904 /prefetch:8
1⤵
PID:3944

memory/2040-0-0x0000000000730000-0x0000000000759000-memory.dmp

Filesize
164KB

Download