c474a2104b1fe7b5d72575fc9e9a82e55da935e9e00d0c2ce5ca5efde9081091

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 09:30

Target

07b72194fa5476cb33ad7a975f548b3c_JaffaCakes118.dll
Size

105KB
MD5

07b72194fa5476cb33ad7a975f548b3c
SHA1

591b1f626843778886637d79541af82cbca1367b
SHA256

c474a2104b1fe7b5d72575fc9e9a82e55da935e9e00d0c2ce5ca5efde9081091
SHA512

2883bd473fa1e29d702ad81f1348fe5a3b67b348f883d917b685c6cc51fa613a4004c4ad7dc89e4dca4cb1b1c675737036b696105f318a9620e1c495e749f6a9
SSDEEP

1536:+pEagR3hgI5kRaOFAYHp8bWvxAGT9AMZweh7uj2hllaMYukAOd5CWziv87:FaG3RYldZ7Zwedhdud5CWziv87

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2664	1400	regsvr32.exe	84
PID 1400 wrote to memory of 2664	1400	regsvr32.exe	84
PID 1400 wrote to memory of 2664	1400	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\07b72194fa5476cb33ad7a975f548b3c_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\07b72194fa5476cb33ad7a975f548b3c_JaffaCakes118.dll
  2⤵
  PID:2664

memory/2664-1-0x0000000067000000-0x0000000067021000-memory.dmp

Filesize
132KB

Download
memory/2664-0-0x0000000067001000-0x0000000067002000-memory.dmp

Filesize
4KB

Download
memory/2664-2-0x0000000067000000-0x0000000067021000-memory.dmp

Filesize
132KB

Download