723e613c7f65979f9bdc3dda828a1969924978689631f7525c5f27b3032dae4b

Analysis

max time kernel
132s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 22:18

Target

0fbae5b3d1750907fe7ef69a58ff9f8f_JaffaCakes118.dll
Size

32KB
MD5

0fbae5b3d1750907fe7ef69a58ff9f8f
SHA1

2bff80cea90115f6fd96487dd0b4c41a15d63187
SHA256

723e613c7f65979f9bdc3dda828a1969924978689631f7525c5f27b3032dae4b
SHA512

9491f51460af9d65444ff5e745ec5f7bc228eab7c26d1655f81cda5dbd17de8ccf4f2dadfe169c55b03221ef2d26d3d40acbc6d27a1c11ce8863c44c4d8acae3
SSDEEP

768:W6rnBGayIbnTPVnUNWYoAhv12cr3G0x/t5qJ:QayIbnTqNyEv12ORS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1796	2084	regsvr32.exe	83
PID 2084 wrote to memory of 1796	2084	regsvr32.exe	83
PID 2084 wrote to memory of 1796	2084	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0fbae5b3d1750907fe7ef69a58ff9f8f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0fbae5b3d1750907fe7ef69a58ff9f8f_JaffaCakes118.dll
  2⤵
  PID:1796