721e3329d9f474193a937fd763b007fc415f897154f317e2bd46c03b08af9518

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 04:54

Target

2f0ced010df4ea1d255381f814f46c90_JaffaCakes118.dll
Size

164KB
MD5

2f0ced010df4ea1d255381f814f46c90
SHA1

9a702477e78b4b22088dcb03ffc2b70f8c394f7c
SHA256

721e3329d9f474193a937fd763b007fc415f897154f317e2bd46c03b08af9518
SHA512

6a399ab506fc4104fb0662561a8fa05b47b5748d809d4d60066decae1c40f9ff7a1e5413577edff5996a324f0e1d1a520c646f1d1e1254794c1111ea49367261
SSDEEP

3072:86YH0a60i1alWRkNpZHPImtS5Es2K9Tbw9yDxxkPtD:86YUazlsk7BPXS5Es2ATbwiGt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 888	3412	regsvr32.exe	82
PID 3412 wrote to memory of 888	3412	regsvr32.exe	82
PID 3412 wrote to memory of 888	3412	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2f0ced010df4ea1d255381f814f46c90_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2f0ced010df4ea1d255381f814f46c90_JaffaCakes118.dll
  2⤵
  PID:888

memory/888-0-0x0000000004190000-0x00000000041C2000-memory.dmp

Filesize
200KB

Download