c8f6e28bb3c7a18b70f74e9bd809a7665f8d1f6ac1d9f847da5cd750d3baa768

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 22:56

Target

23bffa301e79d083659bf0dcad4f511f_JaffaCakes118.dll
Size

1.2MB
MD5

23bffa301e79d083659bf0dcad4f511f
SHA1

aee3667555306719c6fbee5b9211f20d97d06ef1
SHA256

c8f6e28bb3c7a18b70f74e9bd809a7665f8d1f6ac1d9f847da5cd750d3baa768
SHA512

3f85126ad6d88d6b2c7771e5908ce39789ecf0bce4490809261dca203ea60c1f27157fa2f3d5563888ceac83989ea645ee304d628daf945552d31b3b29c75ad9
SSDEEP

24576:yjoCdZc7lNQl2iYA6/t7EO+JBWvxMF48SWYvFvYb+uh:yzdZ+u2j/t7uJMveYvtYP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 4668	4420	regsvr32.exe	81
PID 4420 wrote to memory of 4668	4420	regsvr32.exe	81
PID 4420 wrote to memory of 4668	4420	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\23bffa301e79d083659bf0dcad4f511f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\23bffa301e79d083659bf0dcad4f511f_JaffaCakes118.dll
  2⤵
  PID:4668

memory/4668-3-0x0000000002780000-0x000000000281D000-memory.dmp

Filesize
628KB

Download
memory/4668-2-0x0000000002690000-0x0000000002772000-memory.dmp

Filesize
904KB

Download
memory/4668-4-0x0000000002820000-0x00000000029BE000-memory.dmp

Filesize
1.6MB

Download
memory/4668-1-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/4668-0-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/4668-6-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/4668-5-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download