01b16243a65b6aac6d2c30b28316d0a455fe4eae75eb381b0a9cd3cb07996a0f

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 00:39

Target

273cea4dd4b9f72ef935585266bd59de_JaffaCakes118.dll
Size

14KB
MD5

273cea4dd4b9f72ef935585266bd59de
SHA1

ce500b0097e2ce2187968150a219a6054180dcb8
SHA256

01b16243a65b6aac6d2c30b28316d0a455fe4eae75eb381b0a9cd3cb07996a0f
SHA512

5453f6ebcecd8e3c45c6f8f456b3ed9b5c0f0617223efc6a4c481fe0fcc2b13692c94fc0426e740adacc24ab4b255657cc85493169bb25d34d8e692d7f81c4b2
SSDEEP

192:U99a5svpoXAm37q9Kcaq1CsgWI8e3u4vs7E7vfe4mZWPt4i7A:C9LvcWkc2sno3GivRB

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3032	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 3032	1356	regsvr32.exe	30
PID 1356 wrote to memory of 3032	1356	regsvr32.exe	30
PID 1356 wrote to memory of 3032	1356	regsvr32.exe	30
PID 1356 wrote to memory of 3032	1356	regsvr32.exe	30
PID 1356 wrote to memory of 3032	1356	regsvr32.exe	30
PID 1356 wrote to memory of 3032	1356	regsvr32.exe	30
PID 1356 wrote to memory of 3032	1356	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\273cea4dd4b9f72ef935585266bd59de_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\273cea4dd4b9f72ef935585266bd59de_JaffaCakes118.dll
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3032

memory/3032-1-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/3032-4-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/3032-2-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/3032-0-0x0000000010002000-0x0000000010004000-memory.dmp

Filesize
8KB

Download