3703a11d6b5e8bfed19a675095dc01aa0ff2f9eeb731f77c264ec3c765a36aca

Analysis

max time kernel
142s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 14:22

Target

09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118.dll
Size

308KB
MD5

09076b0f3e8e9db254e135ab1c5efe82
SHA1

52c894382bfc40e838765f38531595dfb5ee6ad0
SHA256

3703a11d6b5e8bfed19a675095dc01aa0ff2f9eeb731f77c264ec3c765a36aca
SHA512

3458768ab66fac3333c92bd9b054dc81861461f1768a0f67dd5d94b0029305e24f6d4c4338c92c23b35817d153366a17893c83c02c2859029ccee1d9616f99da
SSDEEP

6144:QReuUYI/CiWDTpwhcQOL3+K9EAUUeJchE546qq1:QReuUYWCNDTpw/Oz9iApwcu5xqm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 3204	652	regsvr32.exe	90
PID 652 wrote to memory of 3204	652	regsvr32.exe	90
PID 652 wrote to memory of 3204	652	regsvr32.exe	90

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118.dll
  2⤵
  PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:2040

memory/3204-0-0x000000005C170000-0x000000005C1BD000-memory.dmp

Filesize
308KB

Download