fa551f2805dfe08b244f46fdba9330beac7233b8510536dcc750d31742252608

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 07:30

Target

27bbb041cfde020c53d2ec4928dd179a_JaffaCakes118.dll
Size

22KB
MD5

27bbb041cfde020c53d2ec4928dd179a
SHA1

abc5512ef045a6725faa8eb5f05a5a64798d143e
SHA256

fa551f2805dfe08b244f46fdba9330beac7233b8510536dcc750d31742252608
SHA512

00511bedcc5fe169147cec927fb7b31a12c136ec663c84e2d6c64bcb2072869130cffc1769754adeb3842a82458b2b02430337f7d668a2ea9bbf2d4fe7d2fdd8
SSDEEP

384:eYRdCy9MqlWDmQm9gVxhkVdH+kcnvImJAI3jqbWBaGEW5aO:hCyaqlGmQ7Q8vb6GEW5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 3772	4192	regsvr32.exe	82
PID 4192 wrote to memory of 3772	4192	regsvr32.exe	82
PID 4192 wrote to memory of 3772	4192	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\27bbb041cfde020c53d2ec4928dd179a_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\27bbb041cfde020c53d2ec4928dd179a_JaffaCakes118.dll
  2⤵
  PID:3772