0bb1bf5da9bd20586e5630f2b11c87c209038511cd342ce13d33fb7abd296cfe

Analysis

max time kernel
139s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 08:22

Target

154e597cf6616142f0c5e47c51c63a5f_JaffaCakes118.dll
Size

220KB
MD5

154e597cf6616142f0c5e47c51c63a5f
SHA1

96fa6944b31157e961bcadf8d24d89fd85ceb6a4
SHA256

0bb1bf5da9bd20586e5630f2b11c87c209038511cd342ce13d33fb7abd296cfe
SHA512

0074f75ea64616eb7a9aeeb6f4e2217e9d0f9ed4aaa94e94fd247ca9015dc18f647edd9c2d266c039cc6339d998da5651a5dd93d8813d6dccad23e8056456fc8
SSDEEP

3072:CjlKTiGjlKTiGjlKTiGjlKTiGjlKTiGjlKTiGjlKTi:elKTblKTblKTblKTblKTblKTblKT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 232	4436	regsvr32.exe	83
PID 4436 wrote to memory of 232	4436	regsvr32.exe	83
PID 4436 wrote to memory of 232	4436	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\154e597cf6616142f0c5e47c51c63a5f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\154e597cf6616142f0c5e47c51c63a5f_JaffaCakes118.dll
  2⤵
  PID:232