13fa37ccf5aaa7d38b1edbc6730dcce49add3aff7f5237633abae25868716953

Analysis

max time kernel
125s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 16:09

Target

310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118.dll
Size

661KB
MD5

310f55a2f3de9e160c01dc8fa23c7128
SHA1

0d5bfe67add3f31feb2e69394e9106fbfdde0fa3
SHA256

13fa37ccf5aaa7d38b1edbc6730dcce49add3aff7f5237633abae25868716953
SHA512

08567f15e7626bc434920122682384a7130b4d5f8412dbb4bedd8c2ab12e6dcb35373935ae005515d0ae01a77bbc09e17b71304aab962c07861a9a1fc5862359
SSDEEP

12288:J3MlbSeGIZEZHV77u0w+lrtLsNaLTXSwaNYk4wi3:J3MVsHV77uAaaLTXHaNYk493

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 3532	3992	regsvr32.exe	89
PID 3992 wrote to memory of 3532	3992	regsvr32.exe	89
PID 3992 wrote to memory of 3532	3992	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118.dll
  2⤵
  PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4236,i,18101465343131957040,13619216624229484913,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8
1⤵
PID:3368