3ec3cb1ac8a2939d3a31905e2a056fa506dcf54650659e780ed79f600b8215be

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 14:34

Target

22b3a54794cb99297444f1557e824d08_JaffaCakes118.dll
Size

96KB
MD5

22b3a54794cb99297444f1557e824d08
SHA1

d94708fe0e152b84c66c32bc6f7cef73ea29a2a4
SHA256

3ec3cb1ac8a2939d3a31905e2a056fa506dcf54650659e780ed79f600b8215be
SHA512

14b5f30701f4b8a4390c6b03d4b72ee275d63c9ae645f6f9a93ee0dcd5d7b0cdd7dc8159bd63b79008a29dd776654f0ecaf04ff2d55c6a3b51136f92c784e539
SSDEEP

1536:vMqzW7JoS7qxgY96riqT2KazWkokkkkkkotV74wooRRvNHi:v5OK1bzWkokkkkkkcVUwooR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 3732	3632	regsvr32.exe	83
PID 3632 wrote to memory of 3732	3632	regsvr32.exe	83
PID 3632 wrote to memory of 3732	3632	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\22b3a54794cb99297444f1557e824d08_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\22b3a54794cb99297444f1557e824d08_JaffaCakes118.dll
  2⤵
  PID:3732

memory/3732-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download