c1a20672696f5d50c4134a0aea11ac6a84dabf74d887f0a9c451e337ed12e417

Analysis

max time kernel
91s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 11:49

Target

2c3b4a46cde77a05ca80105cbc7834a5_JaffaCakes118.dll
Size

217KB
MD5

2c3b4a46cde77a05ca80105cbc7834a5
SHA1

fb1e05dc9a6e8eb085b11a2d048821e4279b58e0
SHA256

c1a20672696f5d50c4134a0aea11ac6a84dabf74d887f0a9c451e337ed12e417
SHA512

69003dc37e1e0c68982fb910121f8e9e959cd80b81127a286b05eb5196b6c6a39d034f2b879ba62632f6c1ed569ca2a456d220722ce984da707c277bb6d303c1
SSDEEP

1536:bkfL8rQPkfL8rQPkfL8rQPkfL8rQPkfL8rQPkfL8rQPkfL8rQ:q8rQe8rQe8rQe8rQe8rQe8rQe8rQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 5112	4952	regsvr32.exe	82
PID 4952 wrote to memory of 5112	4952	regsvr32.exe	82
PID 4952 wrote to memory of 5112	4952	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2c3b4a46cde77a05ca80105cbc7834a5_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2c3b4a46cde77a05ca80105cbc7834a5_JaffaCakes118.dll
  2⤵
  PID:5112