b00ea42d64c75033e36c62b3baff01079abf3e67646ceff1f0c9733cdd2f70a8

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 02:45

Target

20d1c822c857d41ba522d2fd18cbaacb_JaffaCakes118.dll
Size

530KB
MD5

20d1c822c857d41ba522d2fd18cbaacb
SHA1

31f9014d3d5ad1c292ca53ea0d9cb4a666f0c413
SHA256

b00ea42d64c75033e36c62b3baff01079abf3e67646ceff1f0c9733cdd2f70a8
SHA512

b345f52161c86914aa4eefa214237c76da0b876b41f9c207fa200d8438434bb157b73d8e3de04fcd7132fd98e696a51db7cf342aae18c98f3d2a5d621e8e3adf
SSDEEP

12288:WyF3SrUVaX7zyCyHHjDLLhSuZhqVSNlw8XkMgrNGq:WyF3Sr0aiC4vhSOhGSvbxgrAq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 268	2372	regsvr32.exe	28
PID 2372 wrote to memory of 268	2372	regsvr32.exe	28
PID 2372 wrote to memory of 268	2372	regsvr32.exe	28
PID 2372 wrote to memory of 268	2372	regsvr32.exe	28
PID 2372 wrote to memory of 268	2372	regsvr32.exe	28
PID 2372 wrote to memory of 268	2372	regsvr32.exe	28
PID 2372 wrote to memory of 268	2372	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\20d1c822c857d41ba522d2fd18cbaacb_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\20d1c822c857d41ba522d2fd18cbaacb_JaffaCakes118.dll
  2⤵
  PID:268

memory/268-0-0x0000000010000000-0x0000000010191000-memory.dmp

Filesize
1.6MB

Download