815e8337ffee671907b8e5d15dfe69946356620e1261031ec1ef6470a73eef30

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 00:09

Target

2e5293cb772e77c9a7cb61629c77313e_JaffaCakes118.dll
Size

728KB
MD5

2e5293cb772e77c9a7cb61629c77313e
SHA1

a4847645c554bcff35eabe00d1686b10cec98132
SHA256

815e8337ffee671907b8e5d15dfe69946356620e1261031ec1ef6470a73eef30
SHA512

eb6ddb976c92475ee35cd55ceba50e395cd62cf037e5ca58d9147f18ff0685b7c8f35a1a7d2ff9b6803af716db8000b59f31306076802dc765a0b809cd7ec2f3
SSDEEP

3072:vCw1aOm5mnPByfMGmlqMyuwKRx9bT1WLwno6MTgJSDGvv6ijiJP0N6tEf:6IHjqoRJ2nfGvvoC6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1420	1996	regsvr32.exe	29
PID 1996 wrote to memory of 1420	1996	regsvr32.exe	29
PID 1996 wrote to memory of 1420	1996	regsvr32.exe	29
PID 1996 wrote to memory of 1420	1996	regsvr32.exe	29
PID 1996 wrote to memory of 1420	1996	regsvr32.exe	29
PID 1996 wrote to memory of 1420	1996	regsvr32.exe	29
PID 1996 wrote to memory of 1420	1996	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2e5293cb772e77c9a7cb61629c77313e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2e5293cb772e77c9a7cb61629c77313e_JaffaCakes118.dll
  2⤵
  PID:1420