3c88129f246c1aa01fd48643c2ee827f9d73a2d324d458f20a7bed8c21ba117b

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 07:45

Target

252854fed0ded8ee37e90274c8cf5a2d_JaffaCakes118.dll
Size

76KB
MD5

252854fed0ded8ee37e90274c8cf5a2d
SHA1

d5805e4792bdca1550aa28cce04d27dd158a2180
SHA256

3c88129f246c1aa01fd48643c2ee827f9d73a2d324d458f20a7bed8c21ba117b
SHA512

5e1994af641ece205ecf84aaf16dab0b7f32444c541b31cac09316907d104a32043cc75178fe1da5a590fe489c31d089e7208741e5e23a8ac0cfb04c59de2b83
SSDEEP

1536:7iCtvhgRsjSl7Ph4xwI/D0+xYfxiV6a/T4m9/ea+YmDJz05qB:9Z2s+lbh4SAo2bU6Z+XJwMB

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\gc322.tmp	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2560	2924	regsvr32.exe	28
PID 2924 wrote to memory of 2560	2924	regsvr32.exe	28
PID 2924 wrote to memory of 2560	2924	regsvr32.exe	28
PID 2924 wrote to memory of 2560	2924	regsvr32.exe	28
PID 2924 wrote to memory of 2560	2924	regsvr32.exe	28
PID 2924 wrote to memory of 2560	2924	regsvr32.exe	28
PID 2924 wrote to memory of 2560	2924	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\252854fed0ded8ee37e90274c8cf5a2d_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\252854fed0ded8ee37e90274c8cf5a2d_JaffaCakes118.dll
  2⤵
  - Drops file in Windows directory
  PID:2560

memory/2560-0-0x00000000001B0000-0x00000000001E0000-memory.dmp

Filesize
192KB

Download