2682ef13cc17b06c6c1a3055d4c033669a2b885bcb1c46c08c8cdcc31e6ff242

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 22:07

Target

2dfc65056588e8ed8c32d8104844231e_JaffaCakes118.dll
Size

117KB
MD5

2dfc65056588e8ed8c32d8104844231e
SHA1

2f40b433a69f930de4cd2a7b66e3be5126a300d1
SHA256

2682ef13cc17b06c6c1a3055d4c033669a2b885bcb1c46c08c8cdcc31e6ff242
SHA512

7c14b101134b98a1c7b9e85c8dc52f16fe68a53e1727ebebe653d2eaf9d838c83e113ae04b26009b6d49cee685579380e17d2d9f6c4d463d92973f44582d2ff8
SSDEEP

3072:MY6uBMC78l8VutkQPFyQQzH0DXdbkvP4M+Khsu:MY6uxQleuyQPFQzHCUL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2616	2708	regsvr32.exe	30
PID 2708 wrote to memory of 2616	2708	regsvr32.exe	30
PID 2708 wrote to memory of 2616	2708	regsvr32.exe	30
PID 2708 wrote to memory of 2616	2708	regsvr32.exe	30
PID 2708 wrote to memory of 2616	2708	regsvr32.exe	30
PID 2708 wrote to memory of 2616	2708	regsvr32.exe	30
PID 2708 wrote to memory of 2616	2708	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2dfc65056588e8ed8c32d8104844231e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2dfc65056588e8ed8c32d8104844231e_JaffaCakes118.dll
  2⤵
  PID:2616