8aec2fdb3fd8616efdced65afffaa7d98f1db4cfce9407f2f90063edfa441174

Analysis

max time kernel
17s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 17:27

Target

314c658ae62ee0b42c2b0314633ffaf0_JaffaCakes118.dll
Size

88KB
MD5

314c658ae62ee0b42c2b0314633ffaf0
SHA1

c3d748885261e41a10dc7ce4d4d4f2195321268c
SHA256

8aec2fdb3fd8616efdced65afffaa7d98f1db4cfce9407f2f90063edfa441174
SHA512

5431ceb58e528f0dacaa1eb92d95670e7e212cba41e7eedd5b0550e9bce9c565ec3ca0c41f582f5177294fa5b7fc4ef3e1056315b4d40ea6cf37c0a08901ab69
SSDEEP

1536:860lILUkCYmZYfeTVvZInWSQWhImr9ot4XgORDSVLvLz52rdfzDKCl1ZIS:nsmUk0Ae7InWSNhzr9I4g2S9yfyEnIS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 988	2508	regsvr32.exe	29
PID 2508 wrote to memory of 988	2508	regsvr32.exe	29
PID 2508 wrote to memory of 988	2508	regsvr32.exe	29
PID 2508 wrote to memory of 988	2508	regsvr32.exe	29
PID 2508 wrote to memory of 988	2508	regsvr32.exe	29
PID 2508 wrote to memory of 988	2508	regsvr32.exe	29
PID 2508 wrote to memory of 988	2508	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\314c658ae62ee0b42c2b0314633ffaf0_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\314c658ae62ee0b42c2b0314633ffaf0_JaffaCakes118.dll
  2⤵
  PID:988

memory/988-0-0x0000000000200000-0x0000000000243000-memory.dmp

Filesize
268KB

Download