8f42b2a035ec7aa4a67ac5fa744067470b80a064862f0c29f3b0f9609173551e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 06:45

Target

279ad992dd8be73eaffb73eea146473a_JaffaCakes118.dll
Size

101KB
MD5

279ad992dd8be73eaffb73eea146473a
SHA1

69b8a554ea7d0c818b29948269e377452e35f67d
SHA256

8f42b2a035ec7aa4a67ac5fa744067470b80a064862f0c29f3b0f9609173551e
SHA512

df284edadf16217488b004d2eaf7e7c33d952b64ddaaf1d2d16bceb0b09393a1a5ce320cd9882e3babdc0c072c17aadaac4263b3c85ccf45757befd767dd060d
SSDEEP

3072:x/fxTDipiahvuu86mZ3fdxZ2c6BcG0jIvYUNxkFF+6n:xBTGVhv386mZvdxZb62QYUU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2416	2724	regsvr32.exe	30
PID 2724 wrote to memory of 2416	2724	regsvr32.exe	30
PID 2724 wrote to memory of 2416	2724	regsvr32.exe	30
PID 2724 wrote to memory of 2416	2724	regsvr32.exe	30
PID 2724 wrote to memory of 2416	2724	regsvr32.exe	30
PID 2724 wrote to memory of 2416	2724	regsvr32.exe	30
PID 2724 wrote to memory of 2416	2724	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\279ad992dd8be73eaffb73eea146473a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\279ad992dd8be73eaffb73eea146473a_JaffaCakes118.dll
  2⤵
  PID:2416

memory/2416-0-0x0000000000200000-0x0000000000246000-memory.dmp

Filesize
280KB

Download