13fa37ccf5aaa7d38b1edbc6730dcce49add3aff7f5237633abae25868716953

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 16:09

Target

310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118.dll
Size

661KB
MD5

310f55a2f3de9e160c01dc8fa23c7128
SHA1

0d5bfe67add3f31feb2e69394e9106fbfdde0fa3
SHA256

13fa37ccf5aaa7d38b1edbc6730dcce49add3aff7f5237633abae25868716953
SHA512

08567f15e7626bc434920122682384a7130b4d5f8412dbb4bedd8c2ab12e6dcb35373935ae005515d0ae01a77bbc09e17b71304aab962c07861a9a1fc5862359
SSDEEP

12288:J3MlbSeGIZEZHV77u0w+lrtLsNaLTXSwaNYk4wi3:J3MVsHV77uAaaLTXHaNYk493

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2668	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2668	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2668	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2668	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2668	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2668	2252	regsvr32.exe	30
PID 2252 wrote to memory of 2668	2252	regsvr32.exe	30

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118.dll
  2⤵
  PID:2668