68e13e414e5e857f60ae60d5cb0a0226577905e08bc766a46e1afd5769758a69

Analysis

max time kernel
11s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 18:03

Target

2d4ff26b005e729d5d9de2a456cde5c3_JaffaCakes118.dll
Size

844KB
MD5

2d4ff26b005e729d5d9de2a456cde5c3
SHA1

1b913872a56f6a536a9e8bef89ef382c0823fee4
SHA256

68e13e414e5e857f60ae60d5cb0a0226577905e08bc766a46e1afd5769758a69
SHA512

b3132fb4f7131f99872c71a03d54fb67f90b11b381e22ed36202dbe7b557acf0a766823e0a9a3a6f0c3d31e5a72388c7f1cc138dc8b42f95f472d39ec2f9764e
SSDEEP

12288:3/heLhXroV+xwZr3cojxomBaeaLVt8UDWTkowdpnzva8O:vwXroV+xKrqfeaLVgThsW8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 1668	2968	regsvr32.exe	29
PID 2968 wrote to memory of 1668	2968	regsvr32.exe	29
PID 2968 wrote to memory of 1668	2968	regsvr32.exe	29
PID 2968 wrote to memory of 1668	2968	regsvr32.exe	29
PID 2968 wrote to memory of 1668	2968	regsvr32.exe	29
PID 2968 wrote to memory of 1668	2968	regsvr32.exe	29
PID 2968 wrote to memory of 1668	2968	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d4ff26b005e729d5d9de2a456cde5c3_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2d4ff26b005e729d5d9de2a456cde5c3_JaffaCakes118.dll
  2⤵
  PID:1668