928cf9783ffc43e412a719c630ee26a605cb27068cdc89f677790467b695241b

Analysis

max time kernel
53s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 18:43

Target

1c18fcc0fea3dc6a6d3af73b579bc823_JaffaCakes118.dll
Size

290KB
MD5

1c18fcc0fea3dc6a6d3af73b579bc823
SHA1

cfe43b66bc2216d469749400cd394fbec1278794
SHA256

928cf9783ffc43e412a719c630ee26a605cb27068cdc89f677790467b695241b
SHA512

210679a6beeecbf1790f8dfedba3a2ca8471ba41f5ebd938bac3084f09215fa88a2125444b831780742c58e045a5416d3abc05c269ebdbb94155ecdc2a8de59d
SSDEEP

6144:50Ow/caPtPC7wf+dbDTlDn+aC1meyUGimMiFPsELGeftvQDimq:5JM9q7Ndbn1W1meyUGp3FPsfeft4DPq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 4512	5012	regsvr32.exe	81
PID 5012 wrote to memory of 4512	5012	regsvr32.exe	81
PID 5012 wrote to memory of 4512	5012	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1c18fcc0fea3dc6a6d3af73b579bc823_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1c18fcc0fea3dc6a6d3af73b579bc823_JaffaCakes118.dll
  2⤵
  PID:4512

memory/4512-0-0x0000000004190000-0x000000000422F000-memory.dmp

Filesize
636KB

Download