31aa58a78ebd3f8f44371ff912cfe4d7b53dd139f775ebd88d56b6640c51afe9

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 15:35

Target

28acff351a443eb9f02f01a6ed97adaa_JaffaCakes118.dll
Size

31KB
MD5

28acff351a443eb9f02f01a6ed97adaa
SHA1

ebbd12b13ab2bb418148342b4acdb106ae917f74
SHA256

31aa58a78ebd3f8f44371ff912cfe4d7b53dd139f775ebd88d56b6640c51afe9
SHA512

b93ddf2f402e92dc615abec7138bf121dfab961ea497b5d4ae34187c47789b1de7e58fa51c4c6c9d4c6e6dcc55d3c2edf4d89a366c61212fe8f0c3c74815dd2e
SSDEEP

384:zNNe06t9hcBVP5iqUMo1m97ukMdImdfN09injTpCQxd3Fgv78WIHFqmFrkk:LeP9htjG9p4fN0ShtxtFBWwVFj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 1668	2388	regsvr32.exe	28
PID 2388 wrote to memory of 1668	2388	regsvr32.exe	28
PID 2388 wrote to memory of 1668	2388	regsvr32.exe	28
PID 2388 wrote to memory of 1668	2388	regsvr32.exe	28
PID 2388 wrote to memory of 1668	2388	regsvr32.exe	28
PID 2388 wrote to memory of 1668	2388	regsvr32.exe	28
PID 2388 wrote to memory of 1668	2388	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\28acff351a443eb9f02f01a6ed97adaa_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\28acff351a443eb9f02f01a6ed97adaa_JaffaCakes118.dll
  2⤵
  PID:1668

memory/1668-0-0x00000000001B0000-0x00000000001BD000-memory.dmp

Filesize
52KB

Download