6124f6ffbc4c0d0a10dfdb506a9e273fdcfaaaad51f90416fc8396dbd10571e8

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 09:18

Target

256b4a3a5b32f69aab48e5b57fe487ba_JaffaCakes118.dll
Size

18KB
MD5

256b4a3a5b32f69aab48e5b57fe487ba
SHA1

3ca83e9af4728b53a601eca54683d2967f1e7530
SHA256

6124f6ffbc4c0d0a10dfdb506a9e273fdcfaaaad51f90416fc8396dbd10571e8
SHA512

1659c0303a4c079412cc97f63227068ec5e69e51b77f1d507cde1f8b8dcca6489323c1620a76024618d173e4f508b8993a0fce60d29a20398880ab91345227f0
SSDEEP

192:SrRaezg6/ouXHER6y1RsjkbkKEmYmux0uAjuVVKJFuZNwY+g8kaCEW1kCUMU0r+:SMj6/RyX2kbjJY55Inh3kXBW0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2084	2284	regsvr32.exe	28
PID 2284 wrote to memory of 2084	2284	regsvr32.exe	28
PID 2284 wrote to memory of 2084	2284	regsvr32.exe	28
PID 2284 wrote to memory of 2084	2284	regsvr32.exe	28
PID 2284 wrote to memory of 2084	2284	regsvr32.exe	28
PID 2284 wrote to memory of 2084	2284	regsvr32.exe	28
PID 2284 wrote to memory of 2084	2284	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\256b4a3a5b32f69aab48e5b57fe487ba_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\256b4a3a5b32f69aab48e5b57fe487ba_JaffaCakes118.dll
  2⤵
  PID:2084