1b451adbebf860966630df870e2c152dcc99b123c55c3c3848bb633284d4d9fb

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 09:56

Target

21ef602172abca7dc1b0b53e8f36360f_JaffaCakes118.dll
Size

256KB
MD5

21ef602172abca7dc1b0b53e8f36360f
SHA1

80d15ae2c3dff67f5613a467fbaa7bae3a2c8e5f
SHA256

1b451adbebf860966630df870e2c152dcc99b123c55c3c3848bb633284d4d9fb
SHA512

22c5687f800169dc79c6bbcea24c2de3c7220bae3ccf6ba6d2693521bdddd6a2763ac41cc509e3fcf010f5f379520ce83f288951fb61e4181af771721590f59a
SSDEEP

3072:EBB3ZWCmo46T+k10B0v4Y0dTROO5wBHw58WTJ9KhFhagYf2nD/g6O3asxIbv7e:2pWJna10B0w5qMwNw58WTJ1D2n7gQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2856	2844	regsvr32.exe	28
PID 2844 wrote to memory of 2856	2844	regsvr32.exe	28
PID 2844 wrote to memory of 2856	2844	regsvr32.exe	28
PID 2844 wrote to memory of 2856	2844	regsvr32.exe	28
PID 2844 wrote to memory of 2856	2844	regsvr32.exe	28
PID 2844 wrote to memory of 2856	2844	regsvr32.exe	28
PID 2844 wrote to memory of 2856	2844	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\21ef602172abca7dc1b0b53e8f36360f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\21ef602172abca7dc1b0b53e8f36360f_JaffaCakes118.dll
  2⤵
  PID:2856

memory/2856-0-0x0000000074840000-0x0000000074880000-memory.dmp

Filesize
256KB

Download
memory/2856-2-0x0000000074840000-0x0000000074880000-memory.dmp

Filesize
256KB

Download
memory/2856-1-0x0000000074843000-0x000000007486C000-memory.dmp

Filesize
164KB

Download
memory/2856-3-0x00000000002B0000-0x00000000002B5000-memory.dmp

Filesize
20KB

Download
memory/2856-4-0x00000000002D0000-0x00000000002F5000-memory.dmp

Filesize
148KB

Download