79790109bc96895ed36584e8215166ad33f58c98393009b7e0b4ee97b3c43f93

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 03:08

Target

246c2611d4874492859fe6281f18e477_JaffaCakes118.dll
Size

253KB
MD5

246c2611d4874492859fe6281f18e477
SHA1

43e1332cd620c30ca8b88b57c76041534d0bd041
SHA256

79790109bc96895ed36584e8215166ad33f58c98393009b7e0b4ee97b3c43f93
SHA512

3e912a3c47716d684b9c49eb5802dd2a21b7f37c3e122273061ecd8ead985ba9604932f3146dfcf39493deb157ace66280e509e23da430c7bd08b03d1ab9c38d
SSDEEP

6144:wp78nMINWDBVEASAL9Fl13ATzbttb8IWZ9f9:0IN8fEgsTXtmD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2032	2016	regsvr32.exe	28
PID 2016 wrote to memory of 2032	2016	regsvr32.exe	28
PID 2016 wrote to memory of 2032	2016	regsvr32.exe	28
PID 2016 wrote to memory of 2032	2016	regsvr32.exe	28
PID 2016 wrote to memory of 2032	2016	regsvr32.exe	28
PID 2016 wrote to memory of 2032	2016	regsvr32.exe	28
PID 2016 wrote to memory of 2032	2016	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\246c2611d4874492859fe6281f18e477_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\246c2611d4874492859fe6281f18e477_JaffaCakes118.dll
  2⤵
  PID:2032