9e6b251e7ef4e8816e009ccc67b4291ad30a4c0eb6fcef8a7f5f398529880dc3

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 02:11

Target

0bfe7b43e13eeddc8e3a0dc8a7c243be_JaffaCakes118.dll
Size

139KB
MD5

0bfe7b43e13eeddc8e3a0dc8a7c243be
SHA1

e1aac64b91ef43c89e2a3749335a2f7675a5c4db
SHA256

9e6b251e7ef4e8816e009ccc67b4291ad30a4c0eb6fcef8a7f5f398529880dc3
SHA512

50ff7e6d08043c3bab4cf608dcac643566bb4030f855912da465830e08ed8c42996b816f73f3ed68ca15539b9bc2a1654ccc3705177f68bf31decb7eaec99e61
SSDEEP

3072:ja04dCHu3Bd4j7xbSfOiMS+7yMQYr+NtJ1oLRyGleAy:+0bIgbA8GFYr+NtfFd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 3880	1204	regsvr32.exe	81
PID 1204 wrote to memory of 3880	1204	regsvr32.exe	81
PID 1204 wrote to memory of 3880	1204	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0bfe7b43e13eeddc8e3a0dc8a7c243be_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0bfe7b43e13eeddc8e3a0dc8a7c243be_JaffaCakes118.dll
  2⤵
  PID:3880