ac9b1d9815c452dfbc58e4968712f7e3d652647c08f9153f8453a063f7ca208c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 09:53

Target

258403c28ead638b0025864018f4888d_JaffaCakes118.dll
Size

59KB
MD5

258403c28ead638b0025864018f4888d
SHA1

c57a2488c9211a755afa23d486d2e5bafb3b0107
SHA256

ac9b1d9815c452dfbc58e4968712f7e3d652647c08f9153f8453a063f7ca208c
SHA512

58f0dc5030b599ff58e370d31d52d68efe9e216275cc94762470bc776d72edd447b38bd1d5b4abcd8362004693b635a50b7e31974c63c0a6839515c91d9572ca
SSDEEP

1536:sIydUercvKurUZwTVX3mkX9X3fmfuRNeeUevgj7HHbX6:sI6UeYvnyGVXRXgUeyonHH76

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 464	2084	regsvr32.exe	81
PID 2084 wrote to memory of 464	2084	regsvr32.exe	81
PID 2084 wrote to memory of 464	2084	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\258403c28ead638b0025864018f4888d_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\258403c28ead638b0025864018f4888d_JaffaCakes118.dll
  2⤵
  PID:464

memory/464-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/464-1-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download