99095d0cf0d6d64d3308162b2ea48ac5aa9b8cc789512d0302991be88fbcd074

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 19:06

Target

236f0fcb80078afc7c363f6c68ef2a72_JaffaCakes118.dll
Size

588KB
MD5

236f0fcb80078afc7c363f6c68ef2a72
SHA1

f918490d2189415fc88a4b7048a0bf1caff73956
SHA256

99095d0cf0d6d64d3308162b2ea48ac5aa9b8cc789512d0302991be88fbcd074
SHA512

de4aa5d34863916c1fa07e815676be2b0b6e70ae46bb74805cec7888a0d58316361e110a5336805c2629cf793b8b28e580845af9f59802aac4a65e60d7512f6e
SSDEEP

6144:ippYuwLhvY26Hk5UQqeqQuXf1JtxatxwITGPSnFpHujlK958P4RGJyZuFlBO:ipXIp6Enqeqb/GwITISnQQays+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2136	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2136	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2136	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2136	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2136	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2136	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2136	2952	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\236f0fcb80078afc7c363f6c68ef2a72_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\236f0fcb80078afc7c363f6c68ef2a72_JaffaCakes118.dll
  2⤵
  PID:2136