bd201a9af11be2656e39d0309e28e741559e5d391c852605bfc58849b25f804b

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 09:42

Target

281689072116cde64bb1c5606161137f_JaffaCakes118.dll
Size

30KB
MD5

281689072116cde64bb1c5606161137f
SHA1

13b6e6e5166819c6bc6b514d3ccdda27086a97cf
SHA256

bd201a9af11be2656e39d0309e28e741559e5d391c852605bfc58849b25f804b
SHA512

191a6f98f2c82f9f13f457ea9261f2c7e27af7fffa88d307246dacbe0ae580ec7b488d5ac6da82d64c4a4175e00759f22e3f7f8913f4ffcabc6530d7920d6c7f
SSDEEP

768:3KSqquxD0GQjgRJMemhGKAVfqgXrJJd1jki0kx2fb:NqquxD0GQSPmchdvqJT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 520 wrote to memory of 60	520	regsvr32.exe	82
PID 520 wrote to memory of 60	520	regsvr32.exe	82
PID 520 wrote to memory of 60	520	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\281689072116cde64bb1c5606161137f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:520
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\281689072116cde64bb1c5606161137f_JaffaCakes118.dll
  2⤵
  PID:60