eeba05e10fc3ad6395a75ac4e5809ba76dbefcf3bc97516d647cbf6ba32c5ed2

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 12:18

Target

15fa51bf85ffb0739ba5e435229a6acd_JaffaCakes118.dll
Size

158KB
MD5

15fa51bf85ffb0739ba5e435229a6acd
SHA1

63a5c489de0aea69aa2916f681be6e23724202e8
SHA256

eeba05e10fc3ad6395a75ac4e5809ba76dbefcf3bc97516d647cbf6ba32c5ed2
SHA512

f3a62a30fc0b43269b8b5ad667fdaba3b22b9e23654adec406ee04ea46b3f2a5ee97b419bc18132c69c7db62582fc7dde0883df19c41a2d2f0fdbd17c6124979
SSDEEP

3072:5FVRIUl/Hl9rKMpmQttE7ZDiCmlj3N8M:9jl/b2MQatE7ZDiCmIM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2232	1276	regsvr32.exe	28
PID 1276 wrote to memory of 2232	1276	regsvr32.exe	28
PID 1276 wrote to memory of 2232	1276	regsvr32.exe	28
PID 1276 wrote to memory of 2232	1276	regsvr32.exe	28
PID 1276 wrote to memory of 2232	1276	regsvr32.exe	28
PID 1276 wrote to memory of 2232	1276	regsvr32.exe	28
PID 1276 wrote to memory of 2232	1276	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\15fa51bf85ffb0739ba5e435229a6acd_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\15fa51bf85ffb0739ba5e435229a6acd_JaffaCakes118.dll
  2⤵
  PID:2232

memory/2232-0-0x0000000000150000-0x0000000000193000-memory.dmp

Filesize
268KB

Download