7766fa8c1af6bf3de3ee5fa24d657b93e1191140c40c6477bd73c6575578ffe4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 10:55

Target

3016ee5b396fed457722bc85bbf3d5b8_JaffaCakes118.dll
Size

48KB
MD5

3016ee5b396fed457722bc85bbf3d5b8
SHA1

e62b83ff7b077a930ff5ea065c631b5274dd9c77
SHA256

7766fa8c1af6bf3de3ee5fa24d657b93e1191140c40c6477bd73c6575578ffe4
SHA512

af429b8cbec23049d9843d0f405b747fc2e611d1ed4ad3b00d385be58722afe9c8ff3b3912510d33b50408cbb6b519335621126854359000f94ec48532f10a43
SSDEEP

768:ampM8V/VQ1GuorLOWbR/iHCjMAh/rxUTbad9+PgAxO37BA+n:aaja6SW1/iHCj/hL+PgE6Bln

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 1648	804	regsvr32.exe	28
PID 804 wrote to memory of 1648	804	regsvr32.exe	28
PID 804 wrote to memory of 1648	804	regsvr32.exe	28
PID 804 wrote to memory of 1648	804	regsvr32.exe	28
PID 804 wrote to memory of 1648	804	regsvr32.exe	28
PID 804 wrote to memory of 1648	804	regsvr32.exe	28
PID 804 wrote to memory of 1648	804	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3016ee5b396fed457722bc85bbf3d5b8_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3016ee5b396fed457722bc85bbf3d5b8_JaffaCakes118.dll
  2⤵
  PID:1648