fa551f2805dfe08b244f46fdba9330beac7233b8510536dcc750d31742252608

Analysis

max time kernel
12s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 07:30

Target

27bbb041cfde020c53d2ec4928dd179a_JaffaCakes118.dll
Size

22KB
MD5

27bbb041cfde020c53d2ec4928dd179a
SHA1

abc5512ef045a6725faa8eb5f05a5a64798d143e
SHA256

fa551f2805dfe08b244f46fdba9330beac7233b8510536dcc750d31742252608
SHA512

00511bedcc5fe169147cec927fb7b31a12c136ec663c84e2d6c64bcb2072869130cffc1769754adeb3842a82458b2b02430337f7d668a2ea9bbf2d4fe7d2fdd8
SSDEEP

384:eYRdCy9MqlWDmQm9gVxhkVdH+kcnvImJAI3jqbWBaGEW5aO:hCyaqlGmQ7Q8vb6GEW5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\27bbb041cfde020c53d2ec4928dd179a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\27bbb041cfde020c53d2ec4928dd179a_JaffaCakes118.dll
  2⤵
  PID:1660