2019889d2c1eafa4edbfb5cd5a98f02a536c503001e6ea34aff1a4abc71d06e0

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 02:50

Target

18854c436ffc0d8b2e4e254359971f9a_JaffaCakes118.dll
Size

167KB
MD5

18854c436ffc0d8b2e4e254359971f9a
SHA1

6b8096d88d05f7d731adf25e9b5022559597645a
SHA256

2019889d2c1eafa4edbfb5cd5a98f02a536c503001e6ea34aff1a4abc71d06e0
SHA512

29e75fe1bc9f0ccec40fa0eb00f56007b47fda8e9e187a834676e6184bba2a8920911c33457cc6a29f23fde034e1b0ee484c38fa0ebf410923e13bb088f698aa
SSDEEP

1536:bxEUbiiDIGEiDClVDheAmn3EoqwHCVApJRBanU7RLPvTSlCLJZ1UD13FXRV:bxWcI7DDHm3EvQCVo3JPvqCBUDXXv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2004	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2004	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2004	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2004	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2004	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2004	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2004	2292	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\18854c436ffc0d8b2e4e254359971f9a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\18854c436ffc0d8b2e4e254359971f9a_JaffaCakes118.dll
  2⤵
  PID:2004

memory/2004-0-0x0000000000220000-0x0000000000266000-memory.dmp

Filesize
280KB

Download