3746cc246da5ed8605bf5f63123070291c57d7dc2d0429589fd5626adf1b5f13

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 08:52

Target

2556d56441a1ce5585f3ff1def492b7f_JaffaCakes118.dll
Size

51KB
MD5

2556d56441a1ce5585f3ff1def492b7f
SHA1

cf2a2ba20266bd1dc209aa6ed958d2b55b392882
SHA256

3746cc246da5ed8605bf5f63123070291c57d7dc2d0429589fd5626adf1b5f13
SHA512

87f09e0f18c7127f73492059e1ca104be9c1095cbe88f471ec672ee3f9de74d6434cdc66bb6541eb88a3eed6d934340058ebd594ea1da72f73d4a17e16aa7437
SSDEEP

768:thasQNdywdL+c7eeWO5da6wSc37YfjCCxuzCCUBNYS/gYQXVTf612aeJS661Cwbc:fNToLBT5da57Yfbx2SulT9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 1856	532	regsvr32.exe	81
PID 532 wrote to memory of 1856	532	regsvr32.exe	81
PID 532 wrote to memory of 1856	532	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2556d56441a1ce5585f3ff1def492b7f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:532
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2556d56441a1ce5585f3ff1def492b7f_JaffaCakes118.dll
  2⤵
  PID:1856

memory/1856-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1856-1-0x0000000000B50000-0x0000000000B52000-memory.dmp

Filesize
8KB

Download