b00ea42d64c75033e36c62b3baff01079abf3e67646ceff1f0c9733cdd2f70a8

Analysis

max time kernel
144s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 02:45

Target

20d1c822c857d41ba522d2fd18cbaacb_JaffaCakes118.dll
Size

530KB
MD5

20d1c822c857d41ba522d2fd18cbaacb
SHA1

31f9014d3d5ad1c292ca53ea0d9cb4a666f0c413
SHA256

b00ea42d64c75033e36c62b3baff01079abf3e67646ceff1f0c9733cdd2f70a8
SHA512

b345f52161c86914aa4eefa214237c76da0b876b41f9c207fa200d8438434bb157b73d8e3de04fcd7132fd98e696a51db7cf342aae18c98f3d2a5d621e8e3adf
SSDEEP

12288:WyF3SrUVaX7zyCyHHjDLLhSuZhqVSNlw8XkMgrNGq:WyF3Sr0aiC4vhSOhGSvbxgrAq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1068	1980	regsvr32.exe	83
PID 1980 wrote to memory of 1068	1980	regsvr32.exe	83
PID 1980 wrote to memory of 1068	1980	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\20d1c822c857d41ba522d2fd18cbaacb_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\20d1c822c857d41ba522d2fd18cbaacb_JaffaCakes118.dll
  2⤵
  PID:1068

memory/1068-1-0x00000000009D0000-0x00000000009D2000-memory.dmp

Filesize
8KB

Download
memory/1068-0-0x0000000010000000-0x0000000010191000-memory.dmp

Filesize
1.6MB

Download