cacc72598b8da4a8ad9139d9c4ec2dbcdd74d6c57ef68a55ae8ff47b33e49b5f

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 09:45

Target

07c91b55662a3601e6c90375e9f1af57_JaffaCakes118.dll
Size

109KB
MD5

07c91b55662a3601e6c90375e9f1af57
SHA1

145cb1eae120588fb8453121ff75d8be8339e5e2
SHA256

cacc72598b8da4a8ad9139d9c4ec2dbcdd74d6c57ef68a55ae8ff47b33e49b5f
SHA512

cbcf85e0a7df4e3530a10e77e83849c8ddd2c5367869b78f68f7afabe43327ff06e458855219d411a55522918888e0832985b6cc6faab5686cad02df283143ca
SSDEEP

3072:Qgidwne8NWtqLfkKg3s3ZZZJI0adaF0r5hWl7/MG:Qpdwne6RLfk3sprXada5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 4704	3356	regsvr32.exe	81
PID 3356 wrote to memory of 4704	3356	regsvr32.exe	81
PID 3356 wrote to memory of 4704	3356	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\07c91b55662a3601e6c90375e9f1af57_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\07c91b55662a3601e6c90375e9f1af57_JaffaCakes118.dll
  2⤵
  PID:4704

memory/4704-0-0x0000000067000000-0x0000000067024000-memory.dmp

Filesize
144KB

Download