b7c446b78859c69bde120bd7170bb8a4f044247374182f976d97afcc06a85f84

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 14:32

Target

0e6d40a1507d9f1265c4d03d0b746d84_JaffaCakes118.dll
Size

69KB
MD5

0e6d40a1507d9f1265c4d03d0b746d84
SHA1

6bea400755f28492edc2a9afa2a50f637f0b7963
SHA256

b7c446b78859c69bde120bd7170bb8a4f044247374182f976d97afcc06a85f84
SHA512

ee6f48af7bdc3b785c5304bbda9f8c773bdfdd9537c7f7f59bb30f59229eac51522ae6926aad117cd7ffa1e48f6f9a52c1a4b3f177a4ea45cf1f0fd7af933260
SSDEEP

1536:1uHjJoMlPOUDILyJG1tTqiY074fE5g0FcfJ:1uFoM9O2IrTTqiY0cfWcf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1916	2916	regsvr32.exe	28
PID 2916 wrote to memory of 1916	2916	regsvr32.exe	28
PID 2916 wrote to memory of 1916	2916	regsvr32.exe	28
PID 2916 wrote to memory of 1916	2916	regsvr32.exe	28
PID 2916 wrote to memory of 1916	2916	regsvr32.exe	28
PID 2916 wrote to memory of 1916	2916	regsvr32.exe	28
PID 2916 wrote to memory of 1916	2916	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0e6d40a1507d9f1265c4d03d0b746d84_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0e6d40a1507d9f1265c4d03d0b746d84_JaffaCakes118.dll
  2⤵
  PID:1916