3703a11d6b5e8bfed19a675095dc01aa0ff2f9eeb731f77c264ec3c765a36aca

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 14:22

Target

09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118.dll
Size

308KB
MD5

09076b0f3e8e9db254e135ab1c5efe82
SHA1

52c894382bfc40e838765f38531595dfb5ee6ad0
SHA256

3703a11d6b5e8bfed19a675095dc01aa0ff2f9eeb731f77c264ec3c765a36aca
SHA512

3458768ab66fac3333c92bd9b054dc81861461f1768a0f67dd5d94b0029305e24f6d4c4338c92c23b35817d153366a17893c83c02c2859029ccee1d9616f99da
SSDEEP

6144:QReuUYI/CiWDTpwhcQOL3+K9EAUUeJchE546qq1:QReuUYWCNDTpw/Oz9iApwcu5xqm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1432	2172	regsvr32.exe	28
PID 2172 wrote to memory of 1432	2172	regsvr32.exe	28
PID 2172 wrote to memory of 1432	2172	regsvr32.exe	28
PID 2172 wrote to memory of 1432	2172	regsvr32.exe	28
PID 2172 wrote to memory of 1432	2172	regsvr32.exe	28
PID 2172 wrote to memory of 1432	2172	regsvr32.exe	28
PID 2172 wrote to memory of 1432	2172	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118.dll
  2⤵
  PID:1432