df65d7c77fd6a0c7b715a0812d938c8e384f9b279d470846a3ba5e48ecf293a8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 15:13

Target

0941306b2600842a9d8eb8e0a23e0a30_JaffaCakes118.dll
Size

253KB
MD5

0941306b2600842a9d8eb8e0a23e0a30
SHA1

e42288f4be47ad12226ed3a7f75a69602e3fcb6f
SHA256

df65d7c77fd6a0c7b715a0812d938c8e384f9b279d470846a3ba5e48ecf293a8
SHA512

c2f2230bd60b76a3c7c2b69d36062836529303fe0686faa1313f2960480cebaf4d0d6fdfea65f163012cf3667ca63a496ff6fc145032aecbcdee07f9fb325369
SSDEEP

6144:wp78nMINWDBVEASAN9Fl13ATzbttb8IWZ9f9:0IN8fEOsTXtmD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 2508	1116	regsvr32.exe	83
PID 1116 wrote to memory of 2508	1116	regsvr32.exe	83
PID 1116 wrote to memory of 2508	1116	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0941306b2600842a9d8eb8e0a23e0a30_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0941306b2600842a9d8eb8e0a23e0a30_JaffaCakes118.dll
  2⤵
  PID:2508