0debd28c7be52bd6d2acfdaa53c8b2fa4de3586f2873d3152366f075f6e836b7

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 16:46

Target

312ee74eb4940e328566f26805a39625_JaffaCakes118.dll
Size

99KB
MD5

312ee74eb4940e328566f26805a39625
SHA1

b4ee15d2a5bd7bfb207deff3587a277f05e3d3ad
SHA256

0debd28c7be52bd6d2acfdaa53c8b2fa4de3586f2873d3152366f075f6e836b7
SHA512

ce57c5c891ad91ea4be1a0d900f4228ebbf42400ff37c82b35e69e4990ecb99aed3e67470b0ff5a963c0365b321d91347f477bba3a5d7eee079e627a403efe5d
SSDEEP

1536:H8Q7lEeRt7LaYjHOilQ929rYqvDNX/tGsgqgtCNIdWCPJQWPPjwxKCyUHr:HTGatiLilQ2jDNvdg4IdWyJ/jcnr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30
PID 1916 wrote to memory of 1660	1916	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\312ee74eb4940e328566f26805a39625_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\312ee74eb4940e328566f26805a39625_JaffaCakes118.dll
  2⤵
  PID:1660

memory/1660-0-0x0000000000190000-0x00000000001AF000-memory.dmp

Filesize
124KB

Download