55271780f789bc67a4076e7afd4ec324950ac0811ad20723c166b8539c22826c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 05:46

Target

2146edfbf4aad32139d278d32a425d0d_JaffaCakes118.dll
Size

1.4MB
MD5

2146edfbf4aad32139d278d32a425d0d
SHA1

37ba761649fad85ef495dfe96f5447a0b4eb3afc
SHA256

55271780f789bc67a4076e7afd4ec324950ac0811ad20723c166b8539c22826c
SHA512

ab531a3107c74dcf7d1b5fb6c5346913bb2871ef4689d056bf2d3a2734573496639549a5eace15bb418ad3f536990d53330e947f68a1a78e534ee2148672d11d
SSDEEP

24576:wA800NwgiWT5xGLhBgiQIfokGkZGdnDN31CpTO51fQ9nzlwmP1c:IGYV0BtoJNffEnzlrPC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2956	2884	regsvr32.exe	28
PID 2884 wrote to memory of 2956	2884	regsvr32.exe	28
PID 2884 wrote to memory of 2956	2884	regsvr32.exe	28
PID 2884 wrote to memory of 2956	2884	regsvr32.exe	28
PID 2884 wrote to memory of 2956	2884	regsvr32.exe	28
PID 2884 wrote to memory of 2956	2884	regsvr32.exe	28
PID 2884 wrote to memory of 2956	2884	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2146edfbf4aad32139d278d32a425d0d_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2146edfbf4aad32139d278d32a425d0d_JaffaCakes118.dll
  2⤵
  PID:2956