721e3329d9f474193a937fd763b007fc415f897154f317e2bd46c03b08af9518

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 04:54

Target

2f0ced010df4ea1d255381f814f46c90_JaffaCakes118.dll
Size

164KB
MD5

2f0ced010df4ea1d255381f814f46c90
SHA1

9a702477e78b4b22088dcb03ffc2b70f8c394f7c
SHA256

721e3329d9f474193a937fd763b007fc415f897154f317e2bd46c03b08af9518
SHA512

6a399ab506fc4104fb0662561a8fa05b47b5748d809d4d60066decae1c40f9ff7a1e5413577edff5996a324f0e1d1a520c646f1d1e1254794c1111ea49367261
SSDEEP

3072:86YH0a60i1alWRkNpZHPImtS5Es2K9Tbw9yDxxkPtD:86YUazlsk7BPXS5Es2ATbwiGt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2960	2944	regsvr32.exe	28
PID 2944 wrote to memory of 2960	2944	regsvr32.exe	28
PID 2944 wrote to memory of 2960	2944	regsvr32.exe	28
PID 2944 wrote to memory of 2960	2944	regsvr32.exe	28
PID 2944 wrote to memory of 2960	2944	regsvr32.exe	28
PID 2944 wrote to memory of 2960	2944	regsvr32.exe	28
PID 2944 wrote to memory of 2960	2944	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2f0ced010df4ea1d255381f814f46c90_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2f0ced010df4ea1d255381f814f46c90_JaffaCakes118.dll
  2⤵
  PID:2960