e089051933fa3304b6d0193616cb0f260fb1508bad460bb75c479acc893a8ee3

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 05:36

Target

2b296ed372dbc22ae5f6ef22e3b689cb_JaffaCakes118.dll
Size

158KB
MD5

2b296ed372dbc22ae5f6ef22e3b689cb
SHA1

08b44d983f38f702bad20f78c63c2616319bbdb8
SHA256

e089051933fa3304b6d0193616cb0f260fb1508bad460bb75c479acc893a8ee3
SHA512

d63bca468a834a73016fd862ffa77e2751e54585b5b3f1e1d6fe298a28e84199be96eba41306ad418f1882bfd83c3f473c05c707935e68d161fd3d71f9fbb167
SSDEEP

1536:UpgkG2kH8/9rlYZSOBnn8AdcyRIDsz4rbaZo5lXoUn/Bn8xg5iWqUcK89RDO0gh4:xkDks9An5DaDszUbt//B8xd9nD7+9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 3048	2092	regsvr32.exe	30
PID 2092 wrote to memory of 3048	2092	regsvr32.exe	30
PID 2092 wrote to memory of 3048	2092	regsvr32.exe	30
PID 2092 wrote to memory of 3048	2092	regsvr32.exe	30
PID 2092 wrote to memory of 3048	2092	regsvr32.exe	30
PID 2092 wrote to memory of 3048	2092	regsvr32.exe	30
PID 2092 wrote to memory of 3048	2092	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2b296ed372dbc22ae5f6ef22e3b689cb_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2b296ed372dbc22ae5f6ef22e3b689cb_JaffaCakes118.dll
  2⤵
  PID:3048

memory/3048-0-0x0000000000170000-0x00000000001B3000-memory.dmp

Filesize
268KB

Download